
The Axios Hack 2026: What Happened and What You Need to Know

A step-by-step breakdown of the 3-hour npm compromise that affected Axios, including the malicious packages, infection window, and prevention steps for developers and teams.

Author
Sunil Khadka
Software Engineer
6 min read

Quick Facts: Axios Hack March 31, 2026

  • Affected Packages: axios@1.14.1, axios@0.30.4, plain-crypto-js@4.2.1
  • Attack Window: ~3 hours (Mar 31, ~12:21 AM – 3:00 AM UTC)
  • Risk: Systems installing these versions may have been compromised by a Remote Access Trojan (RAT)
  • Immediate Action: Check lockfiles, re-image affected machines, rotate credentials, block sfrclak.com

What Just Happened?

If you build websites or work with JavaScript, you've probably used Axios. It's a hugely popular HTTP client (400 million downloads per week!) that lets browsers and Node.js apps talk to servers. Think of it like a messenger that carries data back and forth.

On March 31, 2026, attackers broke into the npm account of jasonsaayman, Axios's lead maintainer, and published two malicious versions: 1.14.1 and 0.30.4. They looked like normal releases, but they secretly pulled in a "backdoor": malicious code that could let attackers remotely control your computer.

The good news? The bad versions were caught and removed within about 3 hours (~03:00 UTC). The bad news? In that short window, anyone whose npm install resolved to one of those versions may have been infected with a Remote Access Trojan (RAT), meaning attackers could read files, run commands, or steal data from that machine.


How Did This Work? (The Simple Version)

Imagine you order a pizza. Normally, you get pizza. But this time, the delivery driver slips something dangerous into the box without the restaurant knowing.

That's basically what happened here, but the attackers were extra sneaky:

  1. The Setup (March 30, morning): Attackers published a clean, harmless package plain-crypto-js@4.2.0 to build trust and avoid security scanners.
  2. The Switch (March 30, 11:59 PM UTC): They published an evil version, plain-crypto-js@4.2.1, with hidden malware
  3. The Trap (March 31, ~12:21 AM): They added this fake package as a "dependency" to Axios, meaning it would auto-install when you installed Axios
  4. The Payload: When you ran npm install, the fake package quietly installed malware on your computer via a postinstall script
  5. The Cleanup: After infecting your system, it deleted itself and replaced its files with clean stubs to hide evidence

The clever part? Axios's own source code was untouched. The only change in the poisoned releases was a new entry in the package's dependency list, so all the bad stuff lived in the extra package that tagged along for the ride. Even worse, the attackers bypassed the normal release path: they used stolen npm credentials to publish directly to the registry, skipping the GitHub Actions release workflow and any review that goes with it. Genuine Axios releases carry provenance attestations (OIDC/SLSA) that tie the published tarball to the build that produced it; these versions had none. You can check this yourself for everything in your lockfile with npm audit signatures.


Am I at Risk?

Check this RIGHT NOW:

Open your project and look for these version numbers in your package-lock.json, yarn.lock or pnpm-lock.yaml. If you still have a node_modules folder from an install during the window, also run npm ls axios plain-crypto-js to see what was actually installed:

  • axios@1.14.1 (published March 31, ~12:21 AM UTC)
  • axios@0.30.4 (published March 31, ~1:00 AM UTC)
  • plain-crypto-js@4.2.1 (published March 30, ~11:59 PM UTC)

If an install between March 30, 11:59 PM UTC and March 31, 3:00 AM UTC resolved to any of these versions, assume the machine that ran it is compromised. The payload ran at install time, so a CI runner or a teammate's laptop that did the install counts just as much as your own.

Also check your computer for the files the malware dropped. Because the payload deletes itself after running (step 5 above), not finding them does not clear a machine on its own:

  • Mac: Look for /Library/Caches/com.apple.act.mond (launched via AppleScript)
  • Windows: Check %PROGRAMDATA%\wt.exe (launched via PowerShell/VBScript)
  • Linux: Look for /tmp/ld.py (Python-based malware)

Check your DNS and network logs for lookups of sfrclak.com and for connections to it (IP: 142.11.206.73) on port 8000. This is where the malware "called home" to get instructions from the attackers.

If you find any of these:

  1. Disconnect the machine from the network immediately
  2. Assume full system compromise: attackers could have read files and saved passwords, or installed additional malware
  3. Re-image the machine from a known-clean image (don't just "clean" it; wipe and rebuild)
  4. Rotate ALL credentials that were reachable from it, not just project passwords: email, cloud accounts, SSH keys, API tokens, npm tokens, everything
  5. Check your CI/CD build logs; if your build system pulled or cached these versions, the runners and other developers may be infected too

What Should I Do?

If You're a Developer:

Do this, and why it helps:

  • Pin axios@1.14.0 or axios@0.30.3 as an exact version (no ^ range): these are the last safe versions published before the hack
  • Commit your lockfile (package-lock.json, yarn.lock or pnpm-lock.yaml): it freezes resolved versions so you don't accidentally grab a newly published one
  • Run npm ci instead of npm install in CI and production: npm ci installs exactly what the lockfile says and fails if package.json and the lockfile disagree, instead of resolving anything new
  • Add plain-crypto-js to your registry or policy blocklist: this stops the specific fake package from ever being installed again
  • Install with npm install --ignore-scripts (or set ignore-scripts=true in .npmrc): install scripts can't run automatically, which is exactly the path this payload used. Note that this only prevents install-time execution; code that runs when a package is imported is unaffected, and packages that need a build step then require you to run it explicitly
  • Block sfrclak.com (and 142.11.206.73) at your firewall and DNS: infected machines can't reach the attacker's server

If You're a Team Lead:

  • Audit all builds from March 30-31, check if any CI/CD pipelines pulled the malicious versions
  • Force password resets for all team members who might have installed packages during the window
  • Review access logs for any suspicious activity on your servers or cloud accounts

Why This Matters

This hack was sophisticated and well-planned:

  • Pre-staging: They built reputation with a clean package first
  • Dependency hiding: The malware wasn't in Axios itself, but in a package that installs alongside it
  • Self-destruction: The malware erased itself after infection to avoid detection
  • Direct publishing: They bypassed GitHub entirely using stolen npm credentials, so there was no code review or release workflow check

It's a reminder that supply chain attacks (hitting the tools we use to build software rather than the software itself) are becoming more common. One compromised account put millions of projects at risk worldwide.

The open source world runs on trust: developers sharing code for free. Most of the time that's amazing. Occasionally, it means one compromised account can create a global security incident.


Quick Summary

  • Bad versions: axios@1.14.1 and axios@0.30.4
  • Published: March 31, ~12:21 AM and ~1:00 AM UTC
  • Removed: March 31, ~3:00 AM UTC (~3 hour window)
  • Malicious package: plain-crypto-js@4.2.1
  • Attack method: stolen npm credentials, direct publish, dependency poisoning
  • Malware type: Remote Access Trojan (RAT) with self-destruct capability
  • Safe versions: axios@1.14.0 or axios@0.30.3 (any version other than the two bad ones)
  • C2 server: sfrclak.com:8000 (IP: 142.11.206.73)
  • Your action: check lockfiles, re-image if compromised, rotate all credentials, block the domain

For a similar case in AI tooling, see my post on the Claude Code source leak, which explains how a single .map file exposed Anthropic's internal code.


Stay safe out there! 🔒
