npm install. Two Words. One Command. Your Machine Is Gone.
- Rich Washburn
- 1 day ago
- 3 min read


INCIDENT — Published March 31, 2026. Details still emerging.
I've spent over thirty years in cybersecurity. I've watched a lot of attacks unfold. What happened today with Axios may be the most technically sophisticated supply chain attack ever executed against the open source ecosystem.
What Is Axios and Why Should You Care?
Axios is the HTTP client library that lets JavaScript applications talk to the internet. Over 83 million downloads a week. 174,000 projects depend on it directly. You've probably never installed it intentionally. You almost certainly have it installed.
The Attack: A Masterclass in Restraint
The attacker never touched a single line of Axios source code. Not one. The 86 source files are completely clean. A traditional code review finds nothing.
Instead, they compromised the npm account of the lead Axios maintainer using a long-lived classic npm access token. They published directly to the npm registry — bypassing the entire GitHub Actions CI/CD pipeline — and added one line to package.json: a dependency called plain-crypto-js@4.2.1. That package is never imported anywhere in Axios. Its only purpose: execute a postinstall script the moment you run npm install.
The Staging: 18 Hours of Patience
18 hours before the attack, the attacker published a clean plain-crypto-js@4.2.0 — establishing the package, building a history.
Then:
- 23:59 UTC March 30: Malicious plain-crypto-js@4.2.1 published
- 00:21 UTC March 31: Axios 1.14.1 poisoned
- 01:00 UTC March 31: Axios 0.30.4 poisoned — both branches hit within 39 minutes
Three platform-specific payloads (macOS, Windows, Linux) were pre-built on a C2 server before a single malicious package was published. This was an operation.
What Happens in 1.1 Seconds
On npm install, a Node.js dropper (setup.js) runs automatically. It fingerprints your OS, contacts the C2 server (sfrclak.com), and deploys a platform-specific RAT:
- macOS: C++ binary dropped to /Library/Caches/com.apple.act.mond, runs silently
- Windows: PowerShell disguised as Windows Terminal, VBScript deploys the RAT, Registry Run key for persistence across reboots
- Linux: Python RAT dropped to /tmp/ld.py, runs via nohup
Then cleanup: postinstall script deletes itself, malicious package.json replaced with a clean pre-staged version. Evidence gone. 1.1 seconds.
Who Did This
Elastic Security Labs has identified significant overlap between the macOS binary and WAVESHAPER — a C++ backdoor attributed by Mandiant to UNC1069, a North Korean threat actor.
This was not opportunistic. This was a nation-state operation against 83 million weekly downloads.
Socket.dev also identified fake OpenClaw packages distributing the same payload: @shadanai/openclaw and @qqbrowser/openclaw-qbot@0.0.130. If you ran npm install openclaw from any unofficial source in the last 24 hours — check now.
Am I Compromised? Check Now.
npm list -g axios
If you see 1.14.1 or 0.30.4 — you were exposed.
Check for RAT artifacts:
- macOS: /Library/Caches/com.apple.act.mond
- Windows: %PROGRAMDATA%\wt.exe
- Linux: /tmp/ld.py
Block or check outbound traffic to sfrclak.com and 194.165.16.98.
⚠️ If You Found Something: Treat the Machine as Fully Compromised
1. Rotate everything — every API key, token, cloud credential, SSH key
2. Downgrade: npm install axios@1.14.0
3. Remove plain-crypto-js from node_modules
4. Block sfrclak.com at DNS/firewall
5. Audit every CI/CD pipeline run during the exposure window
6. Preserve forensic artifacts before wiping
The Bigger Picture
The average npm project trusts 200 to 2,100 strangers with code execution. We built the modern software stack on a trust model never designed to defend against a nation-state with time, resources, and patience.
XZ Utils. event-stream. ua-parser-js. Each one more sophisticated than the last. This is the water supply, not the coffee cup.
March 31, 2026. The day npm install became the most dangerous command in the world.
IOCs:
- Malicious packages: axios@1.14.1, axios@0.30.4, plain-crypto-js@4.2.1
- C2: sfrclak[.]com | 194.165.16.98
- macOS: /Library/Caches/com.apple.act.mond
- Windows: %PROGRAMDATA%\wt.exe, %PROGRAMDATA%\system.bat
- Linux: /tmp/ld.py
- Attribution: UNC1069 (North Korea, Mandiant/Elastic)
