Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install
The jscrambler npm package was compromised, and simply installing its 8.14.0 release runs an infostealer on your machine. Published on July 11, 2026, the malicious version carries a preinstall hook that drops and executes a native binary, one build each for Windows, macOS, and Linux.
Socket flagged the release six minutes after it was published. If you or one of your build systems pulled it in that window, the payload has already run with whatever access your install process had.
None of this is in the prior release, 8.13.0. The package diff shows two new files under dist/: setup.js, a small loader, and intro.js. Despite the name, intro.js is not JavaScript but a roughly 7.8MB container packing three gzip-compressed native binaries, one each for Linux, Windows, and macOS.
On install, setup.js picks the binary for the host operating system, writes it under a random name in the system temp directory, marks it executable, and launches it detached with its output hidden.
The added files are in the published package, but nowhere in jscrambler’s public source. StepSecurity and SafeDep both pulled and analyzed the release, and both report no matching commit, tag, or pull request for 8.14.0 in the GitHub repository.
Its latest tag is still 8.13.0. The version was pushed straight to npm under a legitimate maintainer account, bypassing the project’s normal release flow. That points to a compromised npm account or build pipeline. Which of the two has not been established.
The payload is a Rust infostealer, built for all three platforms, that sweeps a developer machine for secrets and ships them to a drop server over TLS, according to Socket’s updated analysis and a statement to The Hacker News.
The target list is broad and aimed at developers: cloud credentials from AWS, Azure, and Google Cloud, including the metadata endpoints CI runners use; cryptocurrency wallets and seed phrases from MetaMask, Phantom, and Exodus; the Bitwarden password manager vault; browser-stored passwords and cookies; and Discord, Slack, Telegram, and Steam sessions.
It also goes after something newer: the config files for AI coding tools, including Claude Desktop, Cursor, Windsurf, VS Code, and Zed, where API keys and Model Context Protocol server credentials tend to sit.
The binaries do more than steal. On Linux, the payload links the kernel’s BPF library and can load an eBPF program straight into the kernel from memory. That is a foothold in the kernel, not the userspace file access that the rest of the stealer relies on. StepSecurity and SafeDep both flagged the capability, though what the eBPF does is still being pulled apart.
The Windows and macOS builds add anti-debugging checks, and the stealer wires in persistence to survive a reboot: a hidden Windows scheduled task set to relaunch every minute, and a macOS LaunchAgent that reloads on login. Its command-and-control details stay encrypted in the binary and never surfaced in static analysis.
StepSecurity’s runtime monitoring caught the dropped binary reaching out to two hard-coded IP addresses and to Tor infrastructure, the first network indicators published for the campaign.
jscrambler is a build-time tool, installed as a development dependency or run from CI. Those environments hold what the stealer collects: cloud keys, deploy tokens, and source code that a build or CI process can reach.
![]() ![]() |
| Source: Step Security |
The package sees about 15,800 downloads a week, and how many pulled the compromised version is not yet known. That is a far smaller footprint than the packages hit in the big npm compromises of the past year, which pull billions of downloads a week between them.
For a stealer aimed at build machines, though, reach was never the point. The access is.
The Shai-Hulud worm ran from an install hook to steal tokens and spread through hundreds of packages that September. The widely used chalk and debug packages were taken over through a phished maintainer account and used to reroute crypto payments.
In March, a hijacked account pushed a cross-platform trojan into Axios, an HTTP library with more than 83 million weekly downloads. What makes the timing here sharp is that npm had just moved against this exact route: npm 12 shipped on July 8, three days before this release, with dependency install scripts off by default.
On npm 12, a preinstall hook like this one does not run unless someone approves it. Older clients still run them automatically.
Version 8.15.0 has since replaced it at the top of npm’s version list, published from the same maintainer account and showing none of the malware alerts 8.14.0 tripped: no install script, no bundled binary. But 8.14.0 was not pulled.
It is still on npm, so any lockfile or command pinned to it keeps installing the stealer. Only the main CLI package was hit; the jscrambler plugins for webpack, gulp, Metro, and grunt stayed on their clean June releases, with no install hooks.
What to do now
- Get off 8.14.0. Move to 8.15.0, or pin to 8.13.0 for a release from before the incident, and clear [email protected] from lockfiles and caches.
- Work out whether you installed 8.14.0. Check lockfiles and package-manager logs for [email protected], and CI records for any run of dist/setup.js, from July 11 on. The loader drops its payload under a random name in the temp directory, so there is no fixed binary name to grep for; line up install timestamps against Node child processes and temp-directory execution instead. On Windows, check Task Scheduler for hidden tasks; on macOS, inspect ~/Library/LaunchAgents for unfamiliar plists.
- If 8.14.0 ran on a machine, treat every secret it could reach as stolen, not just exposed. Rotate cloud keys, npm and GitHub tokens, and AI-tool and MCP API keys; revoke Discord, Slack, browser, and Bitwarden sessions; and move any crypto out of wallets on that host. Block the two command-and-control IPs listed below.
The cleanup was fast, but a stealer does its work in the seconds after install. A build pinned to 8.14.0, on an older client that runs install scripts, still runs the payload. And on any machine that already ran it, the secrets were gone before 8.15.0 ever reached the top of the list.
Indicators of compromise
Malicious package: [email protected]. SHA-256 hashes for the added files and their decompressed payloads:
- dist/setup.js: a742de963f14a92d24ebcbc7b44ac867e23a20d31d1b0094a13a4f83287f4e60
- dist/intro.js: a41a523ef9517aab37ed6eea0ec881821bdcb7aefcb5c5f603adc7907f868c86
- Linux payload: fbbcf4d8f98168f78f5c0c47a9ae56d59ec8ac84a7c9ca6b797fedfb8d62d2bd
- Windows payload: b7ca95d1b23c8e67416a25cedf741de0917c2096bbc9d24649eea7853d054903
- macOS payload: c8fd47d36bdf7c825378593ab82ed8c24d1dc52e26b507812393e24e1d5201fd
Network endpoints StepSecurity observed at runtime. The two IPs are the direct attacker endpoints; the binary also reaches Tor infrastructure, likely for connectivity or routing:
- C2 IP: 37.27.122[.]124
- C2 IP: 57.128.246[.]79
- Tor infrastructure: check.torproject[.]org, archive.torproject[.]org
On-host artifacts: a randomly named hidden file in the system temp directory, of the form .{random} or .{random}.exe on Windows, plus a hidden Windows scheduled task or a macOS LaunchAgent for persistence.
The post “Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install” appeared first on The Hacker News
Source:The Hacker News – [email protected] (The Hacker News)

