🚨 URGENT: Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT
(March 31, 2026, 00:21 to 03:29 UTC)

What happened?
Malicious versions axios@1.14.1 and axios@0.30.4 were published via a hijacked maintainer account. They silently installed a cross-platform RAT via a hidden dependency (plain-crypto-js@4.2.1) that was pulled in during `npm install`.

Who's at risk?
- CI/CD pipelines that auto-install without pinning versions
- Developers who ran `npm install` or `npm update` between 00:21 and 03:29 UTC
- Projects using @qqbrowser/openclaw-qbot or @shadanai/openclaw

Check your lockfile:

```
grep -E "axios@(1\.14\.1|0\.30\.4)" package-lock.json yarn.lock
```

Note that this pattern only matches an exact `axios@<version>` specifier (the form used for yarn.lock keys). package-lock.json records the resolved version in a `"version"` field under the `node_modules/axios` key, so also check the output of `npm ls axios` and grep both lockfiles for `plain-crypto-js`, which should not appear in a clean tree at all.

If affected, assume breach:
- Isolate systems
- Rotate ALL secrets (API keys, tokens, SSH keys)
- Rebuild from clean images; don't clean in place

Check for IOCs:
- macOS: /Library/Caches/com.apple.act.mond
- Windows: %PROGRAMDATA%\wt.exe
- Linux: /tmp/ld.py
- Network: sfrclak[.]com:8000

Prevent future attacks:
- Pin dependency versions
- Use `npm ci` in CI
- Commit lockfiles
- Consider `--ignore-scripts` in CI (install scripts are what ran the payload here)
- Use Snyk or similar to scan dependenc
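The lockfile check and the IOC sweep above, combined into one script. This is an added example, not code from the Dev.to post or from the Axios project: the version strings, the hidden dependency name and the IOC paths are the ones the advisory lists, the lockfile layouts handled are npm lockfile v2/v3 (`node_modules/<name>` keys with a `"version"` field) and yarn v1/berry, and the sample lockfiles it writes are constructed demo data. The Windows IOC check assumes `%PROGRAMDATA%` maps to `ProgramData` under the scanned root, as on a mounted volume.

```shell
#!/bin/sh
# Added example (not from the advisory): scan lockfiles for the compromised
# axios versions and the hidden dependency, then look for the host IOC paths.
# Version strings and paths come from the advisory text; the lockfiles written
# by make_samples are constructed demo data. Needs grep -A (GNU/BSD grep).

BAD_AXIOS='(1\.14\.1|0\.30\.4)'  # advisory: axios@1.14.1 and axios@0.30.4
HIDDEN_DEP='plain-crypto-js'    # advisory: hidden dependency plain-crypto-js@4.2.1

# scan_lockfile FILE
# Prints one "HIT" line per finding; returns 1 if FILE references a compromised
# axios version or the hidden dependency, 0 if clean. A bare grep for
# "axios@1.14.1" misses package-lock.json, where the resolved version sits in a
# "version" field under the "node_modules/axios" key, so match that layout too.
scan_lockfile() {
  f="$1"; hits=0
  case "$f" in
    *package-lock.json|*npm-shrinkwrap.json)
      if grep -A3 '"node_modules/axios"' "$f" | grep -Eq "\"version\": \"$BAD_AXIOS\""; then
        echo "HIT $f: axios resolved to a compromised version"; hits=1
      fi ;;
    *yarn.lock)   # yarn v1: version "x.y.z"   yarn berry: version: x.y.z
      if grep -A2 -E '^"?axios@' "$f" | grep -Eq "version:? \"?$BAD_AXIOS\"?"; then
        echo "HIT $f: axios resolved to a compromised version"; hits=1
      fi ;;
  esac
  # The hidden dependency has no business being in the tree at any version.
  if grep -q "$HIDDEN_DEP" "$f"; then
    echo "HIT $f: hidden dependency $HIDDEN_DEP present"; hits=1
  fi
  return $hits
}

# check_iocs ROOT
# Looks for the advisory's host IOC paths under ROOT ("/" for the live host, or
# the mount point of an image). The Windows path assumes %PROGRAMDATA% is
# ProgramData under ROOT. Returns the number of IOC paths present (0 = none).
check_iocs() {
  root="${1%/}"; n=0
  for p in "$root/Library/Caches/com.apple.act.mond" \
           "$root/tmp/ld.py" \
           "$root/ProgramData/wt.exe"; do
    if [ -e "$p" ]; then
      echo "HIT IOC present: $p"; n=$((n + 1))
    fi
  done
  return $n
}

# make_samples DIR: writes constructed lockfile fragments (demo data, not real
# project files) into DIR/clean, DIR/dirty and DIR/yarn.
make_samples() {
  d="$1"; mkdir -p "$d/clean" "$d/dirty" "$d/yarn"
  cat > "$d/clean/package-lock.json" <<'EOF'
{ "lockfileVersion": 3, "packages": {
    "node_modules/axios": { "version": "1.14.0" }
} }
EOF
  cat > "$d/dirty/package-lock.json" <<'EOF'
{ "lockfileVersion": 3, "packages": {
    "node_modules/axios": {
      "version": "1.14.1"
    },
    "node_modules/plain-crypto-js": { "version": "4.2.1" }
} }
EOF
  cat > "$d/yarn/yarn.lock" <<'EOF'
axios@^0.30.0:
  version "0.30.4"
EOF
}

# Demo over the constructed samples. For a real sweep, feed scan_lockfile every
# file from `find . -name package-lock.json -o -name yarn.lock` and run
# check_iocs / on each host that installed during the window.
DEMO=$(mktemp -d)
make_samples "$DEMO"
for lock in "$DEMO"/*/*; do
  scan_lockfile "$lock" || echo "  -> $lock: assume breach, rotate secrets, rebuild"
done
mkdir -p "$DEMO/root/tmp" && : > "$DEMO/root/tmp/ld.py"   # plant one IOC for the demo
check_iocs "$DEMO/root" || echo "  -> IOC paths present: $?"
rm -rf "$DEMO"
```

The network IOC is not covered by the script: grep your proxy or DNS logs for the domain from the advisory and for connections to port 8000 separately, since that evidence lives outside the file system.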
Continue reading on Dev.to Webdev