Mallory

WAVESHAPER.V2

WAVESHAPER.V2 is a cross-platform remote access trojan/backdoor deployed in the March 2026 Axios npm supply-chain compromise. Malicious Axios versions 1.14.1 and 0.30.4 pulled in the phantom dependency plain-crypto-js, whose obfuscated postinstall dropper deployed WAVESHAPER.V2 on Windows, macOS, and Linux during package installation. Reporting describes platform-specific variants for macOS (native C++/Mach-O), Windows (PowerShell), and Linux (Python).

The malware is described as a fully functional RAT capable of reconnaissance and system telemetry collection, including hostname, username, boot time, time zone, OS version, and running process lists; command execution, including arbitrary shell commands and in-memory PE injection; file system and directory enumeration with detailed metadata; and retrieval/execution of additional payloads.

WAVESHAPER.V2 communicates with command-and-control infrastructure using Base64-encoded JSON and polls at 60-second intervals; multiple reports identify sfrclak[.]com and 142.11.206.73 as associated C2 infrastructure.

On Windows, reported persistence includes creation of a hidden batch file at %PROGRAMDATA%\system.bat and a Run key named MicrosoftUpdate under HKCU\Software\Microsoft\Windows\CurrentVersion\Run; related Windows artifacts also include %PROGRAMDATA%\wt.exe and temporary script files such as %TEMP%\6202033.vbs and %TEMP%\6202033.ps1. Reported macOS and Linux payload locations include /Library/Caches/com.apple.act.mond and /tmp/ld.py.

Google Threat Intelligence Group and other reporting assess WAVESHAPER.V2 as an updated evolution of the earlier WAVESHAPER backdoor and attribute its use in this campaign to UNC1069, a financially motivated North Korea-linked threat actor with prior cryptocurrency-sector targeting.

High-confidence indicators mentioned in the content include plain-crypto-js versions 4.2.0/4.2.1 in dependency trees, node_modules/plain-crypto-js/setup.js, sfrclak[.]com, and 142.11.206.73.
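As an added example (not code from the reporting above or from Mallory), the following Python check walks a package-lock.json in both the nested lockfileVersion 1 layout and the flat v2/v3 "packages" map and flags the Axios releases and plain-crypto-js versions named above; the sample lockfile is constructed. Because the dropper removes its setup script within seconds of running, the lockfile is a more durable artifact to hunt on than node_modules/plain-crypto-js/setup.js.

```python
from typing import Dict, List, Tuple

# Versions named in the reporting above; not a complete list of bad releases.
MALICIOUS_AXIOS = {"1.14.1", "0.30.4"}
PHANTOM_DEP = "plain-crypto-js"
PHANTOM_VERSIONS = {"4.2.0", "4.2.1"}
Entry = Tuple[str, str, str]  # (node_modules path, package name, version)

def _walk_v1(deps: Dict, prefix: str, out: List[Entry]) -> None:
    """Flatten the nested 'dependencies' tree of a lockfileVersion 1 file."""
    for name, meta in (deps or {}).items():
        path = f"{prefix}node_modules/{name}"
        out.append((path, name, meta.get("version", "")))
        _walk_v1(meta.get("dependencies"), path + "/", out)

def installed_packages(lock: Dict) -> List[Entry]:
    """List every package pinned in a package-lock.json (v1, v2 or v3 layout)."""
    out: List[Entry] = []
    for path, meta in lock.get("packages", {}).items():  # v2/v3 flat map
        if path:  # "" is the root project itself, not a dependency
            name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
            out.append((path, name, meta.get("version", "")))
    if not out:  # v1 files only have the nested 'dependencies' tree
        _walk_v1(lock.get("dependencies"), "", out)
    return out

def find_waveshaper_indicators(lock: Dict) -> List[str]:
    """Flag the compromised Axios releases and any plain-crypto-js entry."""
    findings = []
    for path, name, version in installed_packages(lock):
        if name == "axios" and version in MALICIOUS_AXIOS:
            findings.append(f"{path}: axios@{version} (compromised release)")
        elif name == PHANTOM_DEP:  # a phantom dependency has no legitimate reason to be present
            tag = "known dropper version" if version in PHANTOM_VERSIONS else "unexpected version"
            findings.append(f"{path}: {PHANTOM_DEP}@{version} ({tag})")
    return findings

# Constructed sample lockfile (lockfileVersion 3); not taken from a real project.
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/axios": {"version": "1.14.1"},
        "node_modules/plain-crypto-js": {"version": "4.2.1"},
        "node_modules/follow-redirects": {"version": "1.15.6"},
    },
}
```

Run it over `json.load(open("package-lock.json"))` for each repository and CI cache you want to sweep; any plain-crypto-js hit at all is worth triage, not just the two listed versions.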


THREAT ACTORS

Groups observed using it

2 distinct threat actors attributed by public researchers.
APT38

These versions included a phantom dependency called "plain crypto js" that executed an obfuscated dropper during installation, deploying a cross platform Remote Access Trojan known as WAVESHAPER.V2 across Windows, macOS, and Linux systems.

via ZeroPath blog (zeropath.com)
Lazarus

This includes the poisoning of the popular Axios npm package to distribute an implant called WAVESHAPER.V2 after taking control of the package maintainer's npm account via a tailored social engineering campaign.

via The Hacker News (thehackernews.com)
MITRE ATT&CK

Techniques & procedures

23 distinct techniques documented for this family, organized by ATT&CK tactic.

Initial Access

3 techniques
T1078 Valid Accounts (evidence: 1)

after taking control of the package maintainer's npm account via a tailored social engineering campaign

T1195 Supply Chain Compromise (evidence: 10)

On March 31, 2026, threat actors compromised the lead maintainer's npm account and published malicious versions 1.14.1 and 0.30.4. These versions included a phantom dependency called "plain crypto js" that executed an obfuscated dropper during installation, deploying a cross platform Remote Access Trojan known as WAVESHAPER.V2 across Windows, macOS, and Linux systems.

T1195.001 Compromise Software Dependencies and Development Tools (evidence: 2)

These versions included a phantom dependency called "plain crypto js" that executed an obfuscated dropper during installation, deploying a cross platform Remote Access Trojan known as WAVESHAPER.V2 across Windows, macOS, and Linux systems.

Execution

8 techniques
T1059 Command and Scripting Interpreter (evidence: 4)

capable of... command execution... and arbitrary shell commands

T1059.001 PowerShell (evidence: 4)

The shell execution command expects a script and script parameters from C2; if no script is provided, the parameter is executed as a PowerShell command...

T1059.003 Windows Command Shell (evidence: 1)

Command Execution: Supports multiple execution methods, including in-memory Portable Executable (PE) injection and arbitrary shell commands.

T1059.004 Unix Shell (evidence: 1)

macOS: Downloads a C++ Mach-O binary, stores it in /Library/Caches/com.apple.act.mond, and executes it via /bin/zsh.

T1059.005 Visual Basic (evidence: 1)

Windows: Copies PowerShell to %PROGRAMDATA%\wt.exe, disguising it as Windows Terminal, and executes a secondary script via VBScript with registry-based persistence.

T1059.006 Python (evidence: 1)

Linux: Retrieves a Python-based implant to /tmp/ld.py and executes it in the background using nohup.

T1204 User Execution (evidence: 2)

The artificial intelligence (AI) company said a GitHub Actions workflow it uses as part of its macOS app-signing process downloaded and executed Axios version 1.14.1.

T1574.013 KernelCallbackTable (evidence: 1)

When developers or automated systems executed npm install axios, npm resolved and installed the injected dependency, triggering execution through the postinstall lifecycle hook.

Persistence

2 techniques
T1078 Valid Accounts (evidence: 1)

after taking control of the package maintainer's npm account via a tailored social engineering campaign

T1547.001 Registry Run Keys / Startup Folder (evidence: 2)

Windows: Copies PowerShell to %PROGRAMDATA%\wt.exe, disguising it as Windows Terminal, and executes a secondary script via VBScript with registry-based persistence.

Privilege Escalation

3 techniques
T1055 Process Injection (evidence: 1)

capable of... command execution (in-memory Portable Executable injection and arbitrary shell commands)

T1078 Valid Accounts (evidence: 1)

after taking control of the package maintainer's npm account via a tailored social engineering campaign

T1547.001 Registry Run Keys / Startup Folder (evidence: 2)

Windows: Copies PowerShell to %PROGRAMDATA%\wt.exe, disguising it as Windows Terminal, and executes a secondary script via VBScript with registry-based persistence.

Stealth

6 techniques
T1027 Obfuscated Files or Information (evidence: 2)

a malicious dependency named "plain-crypto-js", an obfuscated dropper that deploys the WAVESHAPER.V2 backdoor

T1055 Process Injection (evidence: 1)

capable of... command execution (in-memory Portable Executable injection and arbitrary shell commands)

T1070.004 File Deletion (evidence: 1)

Within seconds of execution, the dropper deletes the setup script, removes the postinstall hook, and replaces modified package files with benign decoys.

T1078 Valid Accounts (evidence: 1)

after taking control of the package maintainer's npm account via a tailored social engineering campaign

T1574.013 KernelCallbackTable (evidence: 1)

When developers or automated systems executed npm install axios, npm resolved and installed the injected dependency, triggering execution through the postinstall lifecycle hook.

T1620 Reflective Code Loading (evidence: 2)

Command Execution: Supports multiple execution methods, including in-memory Portable Executable (PE) injection...

Credential Access

1 technique
T1056 Input Capture (evidence: 1)

The goal was credential harvesting and financial theft, facilitated by multiple malware families including WAVESHAPER and SUGARLOADER.

Discovery

3 techniques
T1057 Process Discovery (evidence: 1)

Reconnaissance: Extracts system telemetry, including hostname, username, boot time, time zone, OS version, and detailed running process lists.

T1082 System Information Discovery (evidence: 3)

capable of reconnaissance (extracting telemetry)... and system enumeration (returns detailed metadata)

T1083 File and Directory Discovery (evidence: 3)

Supported command capabilities include: rundir: Enumerate directories and files

Collection

1 technique
T1056 Input Capture (evidence: 1)

The goal was credential harvesting and financial theft, facilitated by multiple malware families including WAVESHAPER and SUGARLOADER.

Command and Control

3 techniques
T1071 Application Layer Protocol (evidence: 4)

WAVESHAPER.V2 communicates using JSON... both versions accept their C2 URL dynamically via command-line arguments, share identical C2 polling behaviors and an uncommon User-Agent string...

T1105 Ingress Tool Transfer (evidence: 1)

The dropper dynamically retrieved second-stage payloads tailored to the victim’s operating system.

T1219 Remote Access Tools (evidence: 1)

Google described WAVESHAPER.V2 as a “fully functional RAT”, capable of reconnaissance, command execution... and system enumeration

INDICATORS OF COMPROMISE

IOCs tracked for this family

10 indicators attributed across vendor reports, sandbox runs, and researcher write-ups.
Network
4 tracked

IPs, domains, and DNS infrastructure linked to this family.

Hashes
5 tracked

File hashes (MD5, SHA-1, SHA-256) from samples and reports.

Other
1 tracked

Other indicator types observed in public reporting.

Type         Value               Latest sighting
ip.v4        (redacted on page)  1 month ago
domain       (redacted on page)  1 month ago
ip.v4        (redacted on page)  2 months ago
hash.sha256  (redacted on page)  3 months ago
domain       (redacted on page)  3 months ago
hash.sha256  (redacted on page)  3 months ago