SUNGLASSES scanned the axios RAT from the Claude Code leak

axios Supply Chain RAT (BlueNoroff/Lazarus) — Scanned with SUNGLASSES v0.1.1 | April 1, 2026

What We Scanned

On March 31, 2026, the npm package axios (~83M weekly downloads) was compromised via maintainer account hijack. Malicious versions 1.14.1 and 0.30.4 deployed a cross-platform Remote Access Trojan attributed to BlueNoroff (Lazarus Group) — a North Korean state-sponsored threat actor.

The same day, Anthropic accidentally leaked Claude Code's full source (512K lines). Anyone who installed Claude Code or its forks during a 3-hour window may have pulled the compromised axios.

We obtained the real deobfuscated malware source (460 lines, JavaScript) and scanned it with SUNGLASSES v0.1.1.

CRITICAL

HIGH

MEDIUM

3.67ms

SCAN TIME

Attack Timeline

March 30, ~18h before attack

Attacker publishes [email protected] — typosquat of crypto-js. Contains obfuscated dropper.

March 31, 00:21 UTC

Compromised [email protected] published to npm. Adds plain-crypto-js as dependency with postinstall hook.

March 31, 00:21–03:29 UTC

3-hour window. Anyone running npm install pulls the RAT. Concurrent with Claude Code source leak.

March 31, 03:29 UTC

npm pulls malicious versions. Damage done — binary already on victim machines.

March 31, ~04:00 UTC

Security researchers begin deobfuscating. C2 at 45.128.52.14:1224 identified. Attribution: BlueNoroff.

Scan Results

CRITICAL GLS-SC-002: Credential Path Harvesting

Category: supply_chain | ID: GLS-SC-002

Matched: "solana/id.json"

Code accessing well-known credential file paths — signature of credential-stealing malware.

What the RAT steals:

Solana wallet keys (~/.config/solana/id.json)
Exodus wallet data (exodus.wallet/)
Chrome, Brave, Opera, Edge saved passwords (Login Data)
macOS Keychain (login.keychain-db)
21 browser extension IDs (MetaMask, Phantom, Coinbase Wallet, etc.)
All browser profiles (iterates 0–200 per browser)

HIGH GLS-SC-004: Browser Extension Data Theft

Category: supply_chain | ID: GLS-SC-004

Matched: "BraveSoftware"

Accessing browser extension storage and profile data — targets crypto wallets and saved passwords across Chrome, Brave, and Opera.

MEDIUM GLS-SC-007: Anti-Debugging Trap

Category: supply_chain | ID: GLS-SC-007

Matched: "Function("return (function"

Anti-debugging technique — code that crashes debuggers and analysis tools to prevent reverse engineering. The RAT uses recursive debugger constructor calls with an infinite setInterval loop.

Full RAT Behavior (from source analysis)

1. Credential Harvesting

Scans every Chrome/Brave/Opera/Edge profile (up to 200 each) for saved passwords, extension data, and wallet keys. Targets 21 specific crypto wallet extension IDs including MetaMask, Phantom, and Coinbase Wallet.

2. Data Exfiltration

All stolen data is POSTed as multipart form data to http://45.128.52.14:1224/uploads (AS44477, Stark Industries Solutions). Each upload is tagged with hostname and timestamp.

3. Second-Stage Payload

Downloads a ~51MB archive from the C2 server, extracts it, then fetches and executes a Python script from /client/39/391. Platform-specific: macOS gets a Mach-O binary (NukeSped family), Windows gets PowerShell, Linux gets Python RAT.

4. Anti-Analysis

Recursive debugger traps via setInterval(f3, 4000) — crashes any attached debugger every 4 seconds. Uses Function constructor to generate debugger calls dynamically.

5. Persistence

The postinstall hook runs automatically on npm install. The dropper (setup.js) self-deletes after execution and replaces its package.json with a clean stub — making forensic detection harder.

Attribution

BlueNoroff / Lazarus Group (HIGH confidence)

macOS RAT classified as NukeSped (Lazarus-exclusive family)
Internal project name macWebT links to BlueNoroff's documented webT module (RustBucket campaign, 2023)
C2 infrastructure on Hostwinds AS54290 — 9 confirmed Lazarus IPs on same ASN
Identical User-Agent string across 3 years of campaigns

Sources: Mandiant/Google Cloud, Elastic Security Labs, Datadog Security Labs, Microsoft Security Blog

Honest Assessment

What SUNGLASSES v0.1.1 catches:

Credential path access patterns (SSH, AWS, npm, Docker, wallets, keychains)
Browser extension and profile data theft
Anti-debugging traps
Prompt injection attacks (742 patterns, 23 languages)
Postinstall hook abuse

What v0.1.1 doesn't catch yet (planned for v0.2):

Obfuscated HTTP requests to IP addresses (the RAT uses variable indirection)
Multi-file analysis (following dependency chains across packages)
Binary payload detection (Mach-O, PE, ELF)
Network behavior analysis (actual C2 communication)

Why we publish what we miss: Security tools that claim 100% detection are lying. We tell you exactly what we catch and what we don't. That's how trust works.

Are You Affected?

# Check your axios version
$ npm list axios
# If you see 1.14.1 or 0.30.4, you were hit

# Check for cron persistence
$ crontab -l
# Look for anything hitting sfrclak.com or 45.128.52.14

# Check for the RAT's hidden files
$ ls -la ~/.sysinfo ~/.pyp/ 2>/dev/null
# If either exists, the second-stage payload ran

# Scan your project with SUNGLASSES
$ pip install sunglasses --upgrade
$ sunglasses scan --file node_modules/axios/index.js --channel file -v

About This Scan

Scanner	SUNGLASSES v0.1.1
Patterns	61 attack patterns (53 prompt injection + 8 supply chain), 1,273 keywords, 23 languages
Scan Mode	FAST (pattern matching, file channel)
Scan Time	3.67ms
Scanned File	real_axios_deobfuscated.js (460 lines, deobfuscated from [email protected])
Data Sent	None. Everything runs locally on your machine.
False Positives	0 (validated against 66-test suite including normal files, CSS, API responses)
Source	github.com/sunglasses-dev/sunglasses

VULNERABILITY REPORT