Severity: Critical | Date: 2026-03-31 | CVSS: N/A | Tags: supply-chain, npm, axios, javascript, c2

Axios npm Package Compromised — Malicious Versions Phone Home to C2 Server

Malicious versions of the widely used axios HTTP client (1.14.1 and 0.30.4) were published to npm. They inject code that contacts a command-and-control (C2) server and exfiltrates sensitive data from build environments.

Context

On March 31, 2026, a supply chain attack was identified targeting axios, one of the most downloaded npm packages (over 60 million weekly downloads). The attacker published compromised versions containing injected code that attempts to establish a connection to a command-and-control server.

Affected Versions

  • axios@1.14.1 — malicious version, safe version: 1.14.0
  • axios@0.30.4 — malicious version, safe version: latest clean 0.x release
  • plain-crypto-js@4.2.1 — rogue dependency introduced by the attack (should not exist)

The malicious versions add plain-crypto-js@4.2.1 as a new dependency. That package is not legitimate and serves as the primary payload carrier, so its presence in a dependency tree is itself an indicator of compromise.

Attack Vector

The compromised package contains code that:

  1. Contacts a C2 server at the domain sfrclak.com from build environments
  2. Exfiltrates environment variables, which commonly contain API keys, database credentials, and cloud tokens
  3. Runs during install/build, so CI/CD pipelines, which install dependencies automatically with secrets in the environment, are the primary targets

This follows the same playbook seen in recent supply chain attacks on ua-parser-js (2021) and the TeamPCP campaign (2026): compromise a widely-used package, inject a stealer that harvests secrets from CI/CD environments.

Impact

Any project that installed axios@1.14.1 or axios@0.30.4 may have had its build environment secrets exfiltrated. This includes:

  • API keys and tokens (AWS, GCP, Stripe, etc.)
  • Database credentials stored as environment variables
  • CI/CD secrets (GitHub tokens, deploy keys)
  • Private keys accessible in the build context

Detection

Check if your project is affected:

# Search lockfiles for the rogue dependency (-n shows the matching line;
# lockfiles you do not use are skipped silently)
grep -n "plain-crypto-js" package-lock.json yarn.lock pnpm-lock.yaml 2>/dev/null

# List the installed copies of axios and check for 1.14.1 or 0.30.4
npm ls axios

# Search node_modules directly
find node_modules -name "plain-crypto-js" -type d

If plain-crypto-js appears anywhere in your dependency tree, or npm ls reports axios 1.14.1 or 0.30.4 at any depth, you are affected.
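The grep and npm ls checks above are enough for a single project. For scanning many repositories, or for a CI gate, a script that parses the lockfile and reports every hit with its install path is more reliable. The following is an added example, not code from the bulletin or from the axios project: it walks a parsed package-lock.json (lockfileVersion 1, 2 and 3 layouts) and flags the two malicious axios versions and any copy of plain-crypto-js, including copies nested under other dependencies. The function names and the sample lockfile are constructed for the example.

```javascript
// Added example (not from the bulletin or the axios project): scan a parsed
// npm lockfile for the compromised axios releases and for plain-crypto-js,
// which should not appear at any version. Handles lockfileVersion 2/3 (flat
// "packages" map keyed by install path) and lockfileVersion 1 (nested
// "dependencies" tree). Indicators are the ones named in the bulletin.
const MALICIOUS_VERSIONS = {
  axios: new Set(['1.14.1', '0.30.4']),
  'plain-crypto-js': null, // null = every version is an indicator
};

function isMalicious(name, version) {
  if (!Object.prototype.hasOwnProperty.call(MALICIOUS_VERSIONS, name)) return false;
  const versions = MALICIOUS_VERSIONS[name];
  return versions === null || versions.has(version);
}

// "node_modules/foo/node_modules/@scope/bar" -> "@scope/bar"
function nameFromPath(installPath) {
  const marker = 'node_modules/';
  const idx = installPath.lastIndexOf(marker);
  return idx === -1 ? installPath : installPath.slice(idx + marker.length);
}

// Returns every matching entry as { path, name, version }, including nested
// copies such as a second axios installed under another dependency.
function findCompromised(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2 carries both maps; "packages" is the authoritative one.
    for (const [installPath, meta] of Object.entries(lock.packages)) {
      if (installPath === '') continue; // the root project itself
      const name = meta.name || nameFromPath(installPath); // meta.name is only set for aliases
      if (isMalicious(name, meta.version)) hits.push({ path: installPath, name, version: meta.version });
    }
  } else if (lock.dependencies) {
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps)) {
        const installPath = `${prefix}node_modules/${name}`;
        if (isMalicious(name, meta.version)) hits.push({ path: installPath, name, version: meta.version });
        if (meta.dependencies) walk(meta.dependencies, `${installPath}/`);
      }
    };
    walk(lock.dependencies, '');
  }
  return hits;
}

// Constructed sample: a v3 lockfile after `npm install` resolved ^1.14.0 to
// the malicious 1.14.1, which dragged in plain-crypto-js; a second, clean
// axios 1.14.0 sits nested under another package and must not be flagged.
const SAMPLE_LOCK = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', dependencies: { axios: '^1.14.0', 'some-sdk': '^2.0.0' } },
    'node_modules/axios': { version: '1.14.1', dependencies: { 'plain-crypto-js': '4.2.1' } },
    'node_modules/plain-crypto-js': { version: '4.2.1' },
    'node_modules/some-sdk': { version: '2.0.0', dependencies: { axios: '1.14.0' } },
    'node_modules/some-sdk/node_modules/axios': { version: '1.14.0' },
  },
};

function report(lock) {
  const hits = findCompromised(lock);
  for (const h of hits) console.log(`AFFECTED ${h.name}@${h.version} at ${h.path}`);
  if (hits.length === 0) console.log('no malicious axios or plain-crypto-js entries found');
  return hits;
}

report(SAMPLE_LOCK);
```

To scan a real project, pass the parsed file instead of the sample: report(JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))). yarn.lock and pnpm-lock.yaml are not JSON, so keep the grep above for those formats.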

Remediation

  1. Pin axios to a safe version — downgrade to axios@1.14.0 immediately on the 1.x line; 0.x users should pin the last clean 0.x release
  2. Delete node_modules and the lockfile, then reinstall with an exact pin (yarn and pnpm users remove yarn.lock or pnpm-lock.yaml and use the equivalent command):
    rm -rf node_modules package-lock.json
    npm install --save-exact axios@1.14.0
    
    A direct pin does not cover an axios that another dependency pulls in; force those copies with an override (npm's overrides field, or the yarn/pnpm equivalent) and confirm with npm ls axios that no copy of 1.14.1 or 0.30.4 remains.
  3. Rotate all secrets — treat every credential accessible during build as compromised:
    • API keys (cloud providers, SaaS services)
    • Database passwords
    • Deploy keys and tokens
    • Session signing secrets
  4. Audit CI/CD logs — check for outbound connections to sfrclak.com
  5. Redeploy clean builds — ensure no cached artifacts from compromised versions remain
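Steps 1, 2 and 4 above can be automated for a fleet of repositories. The following is an added example, not code from the bulletin or from the axios project. pinAxios rewrites a parsed package.json so the direct axios dependency is an exact 1.14.0 (the clean release named in the bulletin), removes plain-crypto-js if the attack wrote it into the manifest, and adds an npm overrides entry so transitive copies of axios are forced to 1.14.0 as well (overrides is npm's own mechanism, available from npm 8.3). Because the bulletin does not name the clean 0.x release, a project on the 0.x line gets a warning instead of a silent jump to 1.x. findC2Contacts covers step 4 by flagging log lines that mention sfrclak.com or any of its subdomains. The function names, the sample manifest and the log lines are constructed for the example.

```javascript
// Added example (not from the bulletin or the axios project): rewrite a parsed
// package.json so that every copy of axios in the tree, direct or transitive,
// resolves to the clean 1.14.0 named in the bulletin, and drop plain-crypto-js
// if it was written into the manifest. Function names are mine; "overrides"
// is npm's own mechanism (npm >= 8.3) for forcing a transitive version.
const SAFE_AXIOS = '1.14.0';          // clean 1.x release per the bulletin
const ROGUE_DEP = 'plain-crypto-js';  // must not appear at any version
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies'];

// Returns { pkg, changes, warnings }; the input object is not mutated.
function pinAxios(pkg) {
  const out = JSON.parse(JSON.stringify(pkg));
  const changes = [];
  const warnings = [];
  let onZeroX = false;

  for (const field of DEP_FIELDS) {
    const deps = out[field];
    if (!deps) continue;
    if (ROGUE_DEP in deps) {
      delete deps[ROGUE_DEP];
      changes.push(`removed ${ROGUE_DEP} from ${field}`);
    }
    if (!('axios' in deps)) continue;
    if (/^[\^~]?0\./.test(deps.axios)) {
      // 0.x line: the bulletin names no clean 0.x release, so choose it by hand
      // rather than silently moving the project to 1.x.
      onZeroX = true;
      warnings.push(`${field}.axios is ${deps.axios}: pin an exact clean 0.x release manually`);
    } else if (deps.axios !== SAFE_AXIOS) {
      // Exact pin, no ^ or ~: a range such as ^1.14.0 still admits 1.14.1.
      changes.push(`${field}.axios ${deps.axios} -> ${SAFE_AXIOS}`);
      deps.axios = SAFE_AXIOS;
    }
  }

  if (!onZeroX) {
    // A direct pin does nothing for an axios that another dependency pulls in;
    // the override forces those copies to 1.14.0 as well.
    out.overrides = { ...(out.overrides || {}), axios: SAFE_AXIOS };
    changes.push(`overrides.axios = ${SAFE_AXIOS}`);
  }
  return { pkg: out, changes, warnings };
}

// Step 4 of the remediation: flag CI log lines that mention the C2 domain or
// any of its subdomains, without matching unrelated hosts that merely end in
// the same characters (e.g. notsfrclak.com).
const C2_DOMAIN = 'sfrclak.com';
const C2_RE = new RegExp(
  `(^|[^a-z0-9.-])([a-z0-9-]+\\.)*${C2_DOMAIN.replace(/\./g, '\\.')}(?![a-z0-9-])`, 'i');

function findC2Contacts(logLines) {
  return logLines.flatMap((text, i) => (C2_RE.test(text) ? [{ line: i + 1, text }] : []));
}

// Constructed sample manifest and log lines (not real build output).
const SAMPLE_PKG = {
  name: 'example-app',
  dependencies: { axios: '^1.14.0', 'plain-crypto-js': '4.2.1', express: '^4.19.0' },
  devDependencies: { jest: '^29.0.0' },
};
const SAMPLE_LOG = [
  'npm http fetch GET 200 https://registry.npmjs.org/axios 120ms',
  'connect: sfrclak.com:443',
  'resolved cdn.sfrclak.com',
  'host notsfrclak.com ok',
];

const result = pinAxios(SAMPLE_PKG);
console.log(JSON.stringify(result.pkg, null, 2));
for (const c of result.changes) console.log('change:', c);
for (const w of result.warnings) console.log('warning:', w);
for (const hit of findC2Contacts(SAMPLE_LOG)) console.log(`C2 contact on log line ${hit.line}: ${hit.text}`);
```

After writing the returned pkg back to package.json, run the rm -rf / npm install sequence from step 2 so the lockfile is regenerated under the new pin and override, then re-run npm ls axios to confirm.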

Timeline

  • March 31, 2026 — Malicious versions 1.14.1 and 0.30.4 published to npm
  • March 31, 2026 — Vercel security team identifies the compromise, blocks C2 domain
  • March 31, 2026 — Malicious versions reported to npm for unpublishing

Recommendations

  • Pin exact versions in production lockfiles — avoid ^ or ~ ranges for critical dependencies
  • Use npm audit and tools like Socket.dev to detect supply chain anomalies
  • Monitor for unexpected new dependencies: plain-crypto-js appearing in a lockfile is a clear indicator of compromise
  • Limit CI/CD secret exposure — only inject secrets into steps that actually need them
  • Enable npm provenance where available to verify package build origins