Axios Supply Chain Attack — What OpenClaw Users Need to Know

By Pedro Jose · March 31, 2026 · 6 min read · Supply Chain, OpenClaw, Security Alert

🚨 URGENT — If you installed Axios versions 1.14.1 or 0.30.4 in the last 24 hours, read this.

Axios — the HTTP client with 83 million weekly downloads — has been compromised. Attackers stole the primary maintainer’s npm credentials and published two malicious versions that drop a cross-platform RAT (Remote Access Trojan).

Here’s what happened, why it matters for OpenClaw users, and exactly what you need to do.

What Happened

Compromised account: “jasonsaayman” — the primary Axios maintainer
Malicious versions: axios@1.14.1 and axios@0.30.4
Method: Injected a fake dependency called plain-crypto-js@4.2.1
Payload: A postinstall script that drops a cross-platform RAT
Cover-up: The malware deletes itself and replaces its own package.json to evade detection

“Neither malicious version contains a single line of malicious code inside Axios itself. Instead, both inject a fake dependency whose only purpose is to run a postinstall script that deploys a RAT.” — StepSecurity

Why This Hits OpenClaw Users Hard

Two OpenClaw-related packages were also compromised in this attack:

@shadanai/openclaw — vendors the malicious plain-crypto-js payload directly
@qqbrowser/openclaw-qbot@0.0.130 — ships tampered axios@1.14.1 with the malicious dependency

If you installed any of these — or if your OpenClaw setup pulled the malicious Axios versions — your system may be compromised.

How the Attack Works

For macOS

Runs an AppleScript payload to fetch a trojan binary from sfrclak.com:8000, saves it as /Library/Caches/com.apple.act.mond, makes it executable, and launches it in the background.

For Windows

Copies PowerShell to %PROGRAMDATA%\wt.exe (disguised as Windows Terminal), writes a VBScript to fetch a PowerShell RAT, and executes it.

For Linux

Runs a shell command to fetch a Python RAT from the same server, saves it as /tmp/ld.py, and executes it via nohup.

✅ What You Need to Do Right Now

Check your Axios version: npm list axios
If you have 1.14.1 or 0.30.4: Downgrade immediately to 1.14.0 or 0.30.3
Remove plain-crypto-js: Delete it from your node_modules folder
Check for RAT artifacts:
- macOS: /Library/Caches/com.apple.act.mond
- Windows: %PROGRAMDATA%\wt.exe
- Linux: /tmp/ld.py
If you find any artifacts: Assume compromise and rotate ALL credentials
Check your CI/CD pipelines: Audit any runs that installed affected versions
Block egress traffic to sfrclak[.]com

What This Means for Your OpenClaw Agents

If your OpenClaw agent runs on a machine that installed the malicious Axios versions, the attacker could have:

Stolen your API keys (OpenAI, Twilio, ElevenLabs, etc.)
Gained access to your agent’s configuration files
Pivoted to your internal network
Compromised your CI/CD pipeline

This is why supply chain security matters. The code you trust can be weaponized overnight.

“This was not opportunistic. The malicious dependency was staged 18 hours in advance. Three separate payloads were pre-built for three operating systems. Both release branches were hit within 39 minutes. Every trace was designed to self-destruct.”

How to Verify You’re Safe

Run npm list axios in all your projects
Check for plain-crypto-js in your node_modules
Look for the RAT artifacts listed above
Review your npm audit logs for March 30-31, 2026

Long-Term Protection

Pin your dependencies — don’t use ^ or ~ for critical packages
Use npm package signatures — verify publisher integrity
Audit your supply chain — know what’s in your node_modules
Monitor for compromised credentials — rotate tokens regularly
Run dependency scanning — use tools like Socket or Snyk

🦞 Need help securing your OpenClaw agents?

I audit OpenClaw deployments, test for supply chain vulnerabilities, and harden your agent infrastructure.

🔒 Book a Security Audit →

Post on X

🦞 Stacking truths daily 🤡