Embedded Malicious Code deploying cross-platform remote access trojan
The npm package plain-crypto-js version 4.2.1 is a malicious package published as part of the axios supply chain attack on March 31, 2026. It was injected as a hidden dependency into compromised axios versions (1.14.1 and 0.30.4). The package is never imported in axios source code and exists solely to execute a malicious postinstall script that contacts a C2 server at sfrclak[.]com and downloads a platform-specific RAT payload. On macOS …