Feed
CriticalPublished 31 Mar 20264 packages · 8 versions

Axios npm compromise (North Korea-nexus RAT)

Summary

Lead-maintainer account compromised via social engineering. Two malicious axios releases pulled in plain-crypto-js, whose postinstall fetched a cross-platform RAT from sfrclak[.]com:8000. Microsoft + Google attribute to Sapphire Sleet / UNC1069 (North Korea-nexus). Live for ~3 hours; ~100M weekly downloads in scope.

account-takeovermaintainer-takeovercredential-theftci-cd-compromise
Threat actor
Sapphire Sleet / UNC1069
Detected by
Wiz · StepSecurity
Also known as
DPRK-nexus axios compromise
Ecosystems
npm
Packages tracked
4

What happened

On 31 March 2026 the lead maintainer of axios — the most-downloaded HTTP client on npm at roughly 100M weekly downloads — fell to a social-engineering attack against their npm account. Two backdoored releases shipped within 40 minutes: axios@1.14.1 at 00:21 UTC and the legacy-line axios@0.30.4 at 01:00 UTC.

Both versions added a new runtime dependency on plain-crypto-js@4.2.1. That package's postinstall script reached out to sfrclak[.]com:8000 to fetch a cross-platform RAT supporting macOS, Windows and Linux. The implant exposes a remote shell, in-memory binary injection, host reconnaissance, and beacons every 60 seconds for tasking. A secondary domain callnrwise[.]com and IP 142.11.206.73 were also observed.

  • Attacker contact addresses: ifstap@proton.me, nrwise@proton.me.
  • npm advisory: GHSA-fw8c-xr5c-95f9; OSV: MAL-2026-2306.
  • Setup payload SHA-256: e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09.

Microsoft and Google attribute the operation to Sapphire Sleet / UNC1069, a North Korea-nexus cluster historically focused on crypto and developer credential theft. The malicious versions were live for around three hours before npm pulled them, but any CI pipeline that resolved a floating range during that window will have pulled plain-crypto-js as a transitive and executed the postinstall.

Affected packages (4)

  • npm@qqbrowser/openclaw-qbot
    0.0.130
  • npm@shadanai/openclaw
    2026.3.28-22026.3.28-32026.3.31-12026.3.31-2
  • npmaxios
    1.14.10.30.4
  • npmplain-crypto-js
    4.2.1

Impact

  • Cross-platform RAT (macOS/Windows/Linux) with shell, binary injection, recon
  • Beacons to sfrclak[.]com:8000 every 60s for tasking
  • Maintainer workstation compromise → npm account takeover
  • Anywhere in CI/CD that resolved the malicious version on install

What to do

  1. 1Audit axios usage; pin away from 1.14.1 / 0.30.4
  2. 2Reinstall dependencies after pinning, in a clean environment
  3. 3Rotate any credential reachable from build runners during the exposure window
  4. 4Search egress logs for sfrclak.com, callnrwise.com, 142.11.206.73
  5. 5Hunt for setup.js by hash e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09

References

npm-2026-03-axios