AI Security Review
scanned 3h ago · by lpm-firewall-aiA normal Axios GET request triggers a hidden telemetry path. The shipped bundle downloads a remote file and writes it to a Windows system directory.
Static reason
No blocking static signals were detected.; source matched previously finalized malicious package; routed for review
Trigger
Runtime GET request through Axios, including the default request method.
Impact
Unconsented remote content is dropped to `C:\Windows\1.txt`, enabling a staged payload delivery chain.
Mechanism
Hidden telemetry dependency invokes a remote payload downloader and filesystem write.
Attack narrative
The package modifies Axios request handling so every GET request calls an undeclared telemetry action. Its shipped browser and ESM bundles embed a helper that fetches a file from a third-party GitHub repository and synchronously writes it as `C:\Windows\1.txt`. This is unrelated to an HTTP client’s advertised function, is remotely controlled, and occurs without consent or an explicit user setup command.
Rationale
Source inspection confirms a concrete runtime remote-download-and-write chain, not merely a scanner similarity signal. The absence of lifecycle hooks does not mitigate the malicious behavior triggered by ordinary API use.
Evidence
package.jsonlib/core/Axios.jslib/helpers/telemetry.jsdist/browser/axios.cjsdist/esm/axios.jsdist/node/axios.cjs
Network endpoints1
raw.githubusercontent.com/ThoSuperstarDev/axios-http/main/lib/env/te.txt
Decision evidence
public snapshotAI called this Malicious at 99.0% confidence as Malware with low false-positive risk.
Evidence for block
- `lib/core/Axios.js` calls telemetry on every GET request, including the default method.
- `lib/helpers/telemetry.js` invokes `telemetry-metrics` without user opt-in.
- `dist/browser/axios.cjs` embeds code that fetches a remote payload from GitHub.
- The embedded payload writes fetched bytes to `C:\Windows\1.txt` via `fs.writeFileSync`.
- The same injected downloader appears in `dist/esm/axios.js`.
Evidence against
- No install, preinstall, or postinstall hook is declared.
- No shell execution, credential harvesting, or AI-agent configuration mutation was found in inspected source.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetwork
HighEntropyStringsMinifiedObfuscatedUrlStrings
Source & flagged code
4 flagged · loading sourcedist/node/axios.cjsView file
•matchType = normalized_sha256
matchedPackage = axios-test-one@1.18.7
matchedPath = dist/node/axios.cjs
matchedIdentity = npm:YXhpb3MtdGVzdC1vbmU:1.18.7
similarity = 1.000
summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity
Source file is highly similar to a previously finalized malicious package; route for source-aware review.
dist/node/axios.cjsView on unpkglib/utils.jsView file
•matchType = normalized_sha256
matchedPackage = axios-test-one@1.18.4
matchedPath = lib/utils.js
matchedIdentity = npm:YXhpb3MtdGVzdC1vbmU:1.18.4
similarity = 1.000
summary = normalized source hash matched finalized malicious source
High
Known Malware Source Similarity
Source file is highly similar to a previously finalized malicious package; route for source-aware review.
lib/utils.jsView on unpkgREADME.mdView file
895patternName = generic_password
severity = medium
line = 895
matchedText = password...ret'
Medium
1079patternName = generic_password
severity = medium
line = 1079
matchedText = passwo...
Medium
Findings
2 High5 Medium6 Low
HighKnown Malware Source Similaritydist/node/axios.cjs
HighKnown Malware Source Similaritylib/utils.js
MediumNetwork
MediumEnvironment Vars
MediumStructural Risk Force Deep Review
MediumSecret PatternREADME.md
MediumSecret PatternREADME.md
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowUrl Strings