Severity: CRITICAL | Category: Supply Chain | Status: Mitigated | Confidence: High

Axios npm Compromise: Cross-Platform RAT IOCs, Malicious Versions, and Defender Guidance

SEO-focused technical analysis of the Axios npm compromise, including malicious versions, the injected plain-crypto-js dependency, C2 infrastructure, hashes, and host-level hunting guidance.

First seen Mar 31, 2026, 12:21 AM
Last seen Mar 31, 2026, 12:21 AM
IOCs 26
Sources 2
Tags: Sapphire Sleet, npm, supply-chain

Analyst Readout

The structured fields below are intended for technical responders, not just general readers.

Executive Summary

The Axios compromise is a high-impact npm supply chain incident because malicious package versions delivered a cross-platform RAT via the injected plain-crypto-js dependency.

Analyst Assessment

This incident combines popular package trust, maintainer compromise, cross-platform execution, and a second-stage retrieval model, which makes both direct package installs and transient CI/CD resolution events relevant to triage.

Impact

Node.js application builds, developer workstations, CI/CD pipelines, macOS, Windows, and Linux systems are all exposed if they resolved the malicious versions.

Exploitation Status

Mitigated, with extensive IOC coverage available for retro-hunts.

Defender Guidance

Locate installs of the malicious Axios and plain-crypto-js versions, review outbound traffic to the listed infrastructure, and search for the reported filesystem artifacts and hashes across macOS, Windows, and Linux endpoints.

Technical Analysis

Agent-authored technical narrative, preserving headings, lists, and code blocks.

Why This Matters

The Axios compromise is especially serious because it paired a widely trusted package with a malicious dependency insertion that led to cross-platform remote-access behavior. This moved the incident beyond a simple typosquat and into maintainer-trust abuse with downstream malware delivery.

Affected Package Coordinates

npm (malicious):
  • axios@1.14.1
  • axios@0.30.4
  • plain-crypto-js@4.2.1

Known clean rollback targets:
  • axios@1.14.0
  • axios@0.30.3

Verified Claims

Claim 1: The malicious Axios releases introduced the plain-crypto-js dependency as the delivery path for the RAT

Verified.

  • Microsoft explicitly identifies the compromised Axios versions and the malicious plain-crypto-js dependency insertion.
  • Trend Micro's IOC companion material reinforces the package identifiers and malware artifacts associated with the incident.

Why this matters: The malicious functionality was not described as a standalone adjacent package. It rode through a dependency relationship inside trusted Axios releases.

Claim 2: The delivered malware was cross-platform, with distinct host artifacts on macOS, Windows, and Linux

Verified.

  • Microsoft documents platform-specific artifact paths.
  • The dataset preserves those paths and associated hashes, including /Library/Caches/com.apple.act.mond, %PROGRAMDATA%\wt.exe, %TEMP%\6202033.vbs, %TEMP%\6202033.ps1, and /tmp/ld.py.

Why this matters: Analysts need to hunt across endpoint platforms, not only in Node package inventories.

Claim 3: The payload retrieved or interacted with second-stage infrastructure rather than ending at package-resolution time

Verified.

  • Microsoft lists sfrclak.com, callnrwise.com, 142.11.206.73, and the URL http://sfrclak.com:8000/6202033 as part of the malicious chain.
  • Trend Micro's IOC set corroborates the infrastructure and file evidence.

Why this matters: Exposure includes both the package event and any follow-on network activity that occurred afterward.

Attack Chain

  1. An attacker compromised Axios maintainer trust and published malicious releases.
  2. The compromised releases resolved with the injected plain-crypto-js dependency.
  3. The dependency chain triggered malware retrieval behavior tied to the listed infrastructure.
  4. Platform-specific second-stage artifacts were dropped or executed on affected hosts.
  5. Endpoints and build environments that resolved the malicious versions became candidates for credential exposure and remote-access follow-on activity.

Technical Mechanics

Package-Level Delivery

The key mechanic is dependency insertion inside a trusted package release. Defenders do not just need to know that Axios was malicious; they need to know the malicious dependency name because caches, lockfiles, and mirrors may preserve it independently.

Infrastructure And Artifacts

Domains:
  • sfrclak.com
  • callnrwise.com

IP address:
  • 142.11.206.73

URL:
  • http://sfrclak.com:8000/6202033

Host artifact paths:
  • /Library/Caches/com.apple.act.mond (macOS)
  • %PROGRAMDATA%\wt.exe (Windows)
  • %TEMP%\6202033.vbs (Windows)
  • %TEMP%\6202033.ps1 (Windows)
  • /tmp/ld.py (Linux)

The structure of the reporting indicates a second-stage retrieval model rather than a package that merely embeds a single static payload.

Detection Opportunities

rg -n -e 'axios@1\.14\.1' -e 'axios@0\.30\.4' -e 'plain-crypto-js' package-lock.json pnpm-lock.yaml yarn.lock
rg -nF -e 'sfrclak.com' -e 'callnrwise.com' -e '142.11.206.73' -e '/Library/Caches/com.apple.act.mond' -e '%PROGRAMDATA%\wt.exe' -e '%TEMP%\6202033.vbs' -e '%TEMP%\6202033.ps1' -e '/tmp/ld.py' /var/log "$WORKSPACE"

The name@version patterns match pnpm and Yarn lockfile keys; package-lock.json records the version on a separate line from the package path, so match the dependency name alone there and confirm the version in the surrounding entry. The second command uses -F (fixed strings) so the backslashes in the Windows paths are matched literally rather than read as regex escapes.

Analyst focus:

  • lockfiles and cached tarballs
  • proxy or egress logs showing the listed domains or URL
  • endpoint telemetry for the platform-specific paths
  • systems that resolved Axios during the compromise window even if current versions are now clean
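Worked example, added here and not part of the original report or of any vendor tooling: a Python checker that applies the coordinates from "Package-Level Delivery" and the lockfile hunt above to package-lock.json by parsing its packages map (lockfileVersion 2 or 3) rather than pattern-matching text. The sample lockfile it scans is constructed for the demonstration, and some-clean-lib is a placeholder name.

```python
import json

# Coordinates named in the advisory: malicious versions and the injected dependency.
MALICIOUS_VERSIONS = {"axios": {"1.14.1", "0.30.4"}, "plain-crypto-js": {"4.2.1"}}
INJECTED_DEPENDENCY = "plain-crypto-js"


def package_name(path: str) -> str:
    """Derive the package name from a lockfile 'packages' key.

    Keys look like node_modules/axios or node_modules/a/node_modules/@scope/b."""
    return path.rsplit("node_modules/", 1)[-1]


def find_hits(lock: dict) -> list:
    """Scan a parsed package-lock.json (lockfileVersion 2 or 3) and return
    (path, name, version, reason) tuples. Any plain-crypto-js entry is flagged
    regardless of version, since a clean axios release never depends on it; an
    axios entry that declares it is flagged even if its version field was edited."""
    hits = []
    for path, entry in lock.get("packages", {}).items():
        if path == "":  # the root project itself, not a dependency
            continue
        name = entry.get("name") or package_name(path)
        version = entry.get("version", "")
        if version in MALICIOUS_VERSIONS.get(name, set()):
            hits.append((path, name, version, "malicious version"))
        elif name == INJECTED_DEPENDENCY:
            hits.append((path, name, version, "injected dependency present"))
        if name == "axios" and INJECTED_DEPENDENCY in entry.get("dependencies", {}):
            hits.append((path, name, version, "axios declares plain-crypto-js"))
    return hits


def scan_lockfile_text(text: str) -> list:
    """Parse lockfile JSON text and return the hits from find_hits."""
    return find_hits(json.loads(text))


# Constructed sample lockfile (not taken from the advisory) for a stand-alone run.
SAMPLE_LOCK_JSON = """{
  "name": "demo-app", "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "dependencies": {"axios": "^1.14.0"}},
    "node_modules/axios": {"version": "1.14.1",
                           "dependencies": {"plain-crypto-js": "^4.2.1"}},
    "node_modules/plain-crypto-js": {"version": "4.2.1"},
    "node_modules/some-clean-lib": {"version": "2.0.0"}
  }
}"""

if __name__ == "__main__":
    for hit in scan_lockfile_text(SAMPLE_LOCK_JSON):
        print(*hit)
```

Run it against a real lockfile with `scan_lockfile_text(open("package-lock.json").read())`; lockfileVersion 1 files use a nested "dependencies" tree instead of "packages" and are not handled here.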

Open Questions And Confidence Notes

  • The maintainer-compromise narrative and the malicious dependency insertion are strongly documented by Microsoft.
  • Trend Micro adds IOC depth, but some lower-level reverse-engineering detail still sits more in IOC format than in a narrative execution trace.
  • If package diffs or a maintainer postmortem become available, they would improve precision around the exact trigger point inside the published tarballs.

Sources

  • Microsoft Security Blog
  • Trend Micro IOC PDF

IOCs

Affected package coordinates and indicators are grouped once for hunting, detections, and review.



Timeline

A concise event chronology helps responders anchor first-seen and disclosure timing.

Mar 31, 2026, 12:21 AM (discovery)

Malicious Axios versions and the injected plain-crypto-js dependency were identified in public reporting.

Apr 1, 2026, 12:00 AM (analysis)

Microsoft and Trend Micro published technical details, hashes, infrastructure, and cross-platform artifact paths.

Sources

Primary references are kept visible so analysts can trace the underlying reporting quickly.