The malicious versions of axios differed from legitimate releases by including a dependency on plain-crypto-js, a trojanized package. These versions were published directly via a compromised maintainer account and later removed from npm following disclosure. Although the exposure window was short, the high prevalence of axios meant that even limited availability resulted in measurable execution across environments.
The malicious package includes a dropper (setup.js) that downloads and executes platform-specific second-stage payloads from sfrclak.com:8000, and then self-cleans by deleting itself and restoring a clean package.json. The second-stage payloads function as lightweight remote access trojans (RATs) and beacon to the C2 server every 60 seconds, transmitting system inventory and awaiting commands.
All three variants implement similar capabilities, including remote shell execution, binary injection, directory browsing, process listing, and system reconnaissance, with the implementation differing by operating system. On macOS, the payload is a C++-compiled Mach-O universal binary that is capable of self-signing injected payloads via codesign. On Windows, the payload is a PowerShell script that establishes persistence via a registry Run key (MicrosoftUpdate) and a re-download batch file. On Linux, the payload is delivered as a Python script.