Compromised jscrambler npm Package Delivers Cross-Platform Infostealer
A malicious version of the **jscrambler** npm package, release 8.14.0, was published, embedding a sophisticated cross-platform infostealer. This supply chain attack targets developer environments, exfiltrating sensitive credentials and potentially establishing kernel-level persistence. Organizations using older npm clients or pinned lockfiles remain vulnerable.
The **jscrambler** npm package, a build-time tool widely used in development workflows, recently suffered a critical supply chain compromise. On July 11, 2026, version 8.14.0 was released containing a malicious `preinstall` hook that executes an infostealer on affected systems.
### The Attack Vector
The malicious package, detected by **Socket** just six minutes after its publication, includes two new files: `setup.js` and `intro.js`. While `setup.js` acts as a small loader, `intro.js` is a 7.8MB container that secretly packs three gzip-compressed native binaries, one each for Linux, Windows, and macOS.
Upon installation, `setup.js` identifies the host operating system, extracts the corresponding binary, writes it to the system's temporary directory under a random name, marks it executable, and launches it in a detached, hidden process.
Crucially, these added files were absent from **jscrambler**'s public source repository. Analysis by **StepSecurity** and **SafeDep** confirmed that version 8.14.0 was pushed directly to npm under a legitimate maintainer account, bypassing standard release workflows. This strongly suggests a compromised npm account or build pipeline.
### The Infostealer's Capabilities
The payload is a Rust-based infostealer, designed to sweep developer machines for a broad range of sensitive data. According to **Socket**'s analysis, it targets:
* Cloud credentials from **AWS**, **Azure**, and **Google Cloud**, including metadata endpoints used by CI runners.
* Cryptocurrency wallets and seed phrases from **MetaMask**, **Phantom**, and **Exodus**.
* **Bitwarden** password manager vaults.
* Browser-stored passwords and cookies.
* **Discord**, **Slack**, **Telegram**, and **Steam** sessions.
* Configuration files for AI coding tools like **Claude Desktop**, **Cursor**, **Windsurf**, **VS Code**, and **Zed**, which often contain API keys and Model Context Protocol server credentials.
Beyond data exfiltration, the Linux payload demonstrates advanced capabilities by linking the kernel's BPF library, allowing it to load an **eBPF** program directly into the kernel from memory. This provides a significant foothold beyond typical userspace access. The Windows and macOS builds also incorporate anti-debugging checks and establish persistence through a hidden Windows scheduled task or a macOS LaunchAgent, ensuring survival across reboots.
Command-and-control (C2) details remain encrypted within the binary, but **StepSecurity**'s runtime monitoring observed the dropped binary communicating with two hard-coded IP addresses and **Tor** infrastructure.
### Impact and Context
**jscrambler** sees approximately 15,800 downloads weekly. While this is a smaller footprint than previous high-profile npm compromises, the attack's focus on build environments means the quality of access is paramount. Developer machines and CI/CD systems are rich targets for the sensitive data the infostealer seeks.
This incident follows a series of npm supply chain attacks, including the **Shai-Hulud worm** and compromises of popular packages like **chalk**, **debug**, and **Axios**. The timing is particularly noteworthy as **npm 12**, released on July 8, three days before this attack, defaults to disabling dependency install scripts. However, older npm clients still execute these scripts automatically, leaving many systems vulnerable.
Despite the rapid response and the release of version 8.15.0 (which is clean), version 8.14.0 has not been pulled from npm. This means any lockfile or command explicitly pinning to 8.14.0 will continue to install the malicious package.
### Immediate Actions Required
1. **Update/Downgrade:** Immediately move off **jscrambler** version 8.14.0. Migrate to 8.15.0 or pin to 8.13.0. Ensure `[email protected]` is cleared from all lockfiles and package caches.
2. **Verify Installation:** Check lockfiles and package manager logs for `[email protected]` installations from July 11, 2026, onwards. Review CI records for any execution of `dist/setup.js`. Look for randomly named hidden files in system temp directories. On Windows, inspect Task Scheduler for unfamiliar hidden tasks; on macOS, check `~/Library/LaunchAgents` for suspicious `.plist` files.
3. **Incident Response:** If 8.14.0 was installed on any machine, assume all reachable secrets are compromised. Immediately rotate cloud keys, npm and **GitHub** tokens, AI-tool API keys, and **MCP** API keys. Revoke **Discord**, **Slack**, browser, and **Bitwarden** sessions. Move any cryptocurrency from wallets on the affected host. Block the identified C2 IP addresses.
### Indicators of Compromise (IoCs)
**Malicious package:** `[email protected]`
**SHA-256 hashes for added files and payloads:**
* `dist/setup.js`: `a742de963f14a92d24ebcbc7b44ac867e23a20d31d1b0094a13a4f83287f4e60`
* `dist/intro.js`: `a41a523ef9517aab37ed6eea0ec881821bdcb7aefcb5c5f603adc7907f868c86`
* Linux payload: `fbbcf4d8f98168f78f5c0c47a9ae56d59ec8ac84a7c9ca6b797fedfb8d62d2bd`
* Windows payload: `b7ca95d1b23c8e67416a25cedf741de0917c2096bbc9d24649eea7853d054903`
* macOS payload: `c8fd47d36bdf7c82537859ab82ed8c24d1dc52e26b507812393e24e1d5201fd`
**Network Endpoints (observed by StepSecurity):**
* C2 IP: `37.27.122[.]124`
* C2 IP: `57.128.246[.]79`
* Tor infrastructure: `check.torproject[.]org`, `archive.torproject[.]org`