A supply chain attack has impacted the jscrambler npm package after attackers gained access to a legitimate npm publishing credential and pushed multiple malicious versions containing a cross-platform infostealer.

The first malicious release, [email protected], was published on July 11, 2026, and executed malware during installation through a malicious preinstall script. Later versions evolved to execute malware even when install scripts were disabled.

Affected Versions

  • 8.14.0
  • 8.16.0
  • 8.17.0
  • 8.18.0
  • 8.20.0

Safe Version

  • ✅ 8.22.0 (recommended)
  • ✅ 8.15.0 appears clean, but upgrading to 8.22.0 is strongly advised

What the Malware Does

The malicious package drops and executes a native binary for:

  • Windows
  • macOS
  • Linux

The payload is a Rust-based infostealer designed to target developer workstations and CI/CD environments.

Targeted Data

Cloud Credentials

  • AWS
  • Azure
  • Google Cloud

Developer Secrets

  • GitHub tokens
  • npm tokens
  • Deployment credentials

AI Development Tools

  • Claude Desktop
  • Cursor
  • Windsurf
  • VS Code
  • Zed
  • MCP server credentials
  • AI API keys

Communication Platforms

  • Discord
  • Slack
  • Telegram

Browsers

  • Cookies
  • Saved passwords
  • Sessions

Password Managers

  • Bitwarden

Cryptocurrency Wallets

  • MetaMask
  • Phantom
  • Exodus
  • Seed phrases

Advanced Capabilities

Researchers discovered that the Linux payload includes eBPF functionality, potentially enabling kernel-level operations.

Additional features include:

Windows

  • Anti-debugging checks
  • Hidden scheduled task persistence
  • Relaunch every minute

macOS

  • Anti-debugging protections
  • LaunchAgent persistence

Linux

  • eBPF loading capability
  • Credential harvesting

Why This Matters

Unlike traditional malware campaigns focused on end users, this operation specifically targets:

  • Software developers
  • Build servers
  • CI/CD pipelines
  • DevOps environments

These systems often contain:

  • Production credentials
  • Cloud access keys
  • Source code
  • Deployment tokens
  • AI platform secrets

A successful compromise can lead directly to broader infrastructure compromise.

Indicators of Compromise (IoCs)

Malicious Package Versions

Command-and-Control Infrastructure

37.27.122[.]124
57.128.246[.]79

Additional Network Activity

check.torproject[.]org
archive.torproject[.]org

SHA-256 Hashes

dist/setup.js
a742de963f14a92d24ebcbc7b44ac867e23a20d31d1b0094a13a4f83287f4e60

dist/intro.js
a41a523ef9517aab37ed6eea0ec881821bdcb7aefcb5c5f603adc7907f868c86

Linux Payload
fbbcf4d8f98168f78f5c0c47a9ae56d59ec8ac84a7c9ca6b797fedfb8d62d2bd

Windows Payload
b7ca95d1b23c8e67416a25cedf741de0917c2096bbc9d24649eea7853d054903

macOS Payload
c8fd47d36bdf7c825378593ab82ed8c24d1dc52e26b507812393e24e1d5201fd

Recommended Actions

Immediate Steps

  1. Upgrade to jscrambler 8.22.0
  2. Remove affected versions from lockfiles
  3. Clear package-manager caches
  4. Review CI/CD logs for affected versions
  5. Search for unexpected binaries executed from temporary directories

If a Malicious Version Was Installed

Treat all accessible secrets as compromised and rotate:

  • Cloud credentials
  • GitHub tokens
  • npm tokens
  • API keys
  • AI platform credentials
  • MCP credentials
  • Slack sessions
  • Discord sessions
  • Browser sessions
  • Cryptocurrency wallets

Additional Checks

Windows
- Inspect Task Scheduler for hidden tasks

macOS
- Review ~/Library/LaunchAgents

Linux
- Investigate unusual eBPF activity

Conclusion

The Jscrambler incident demonstrates how software supply chain attacks continue to evolve, increasingly targeting developers, CI/CD infrastructure, and AI-enabled environments. By focusing on cloud credentials, deployment secrets, AI tool configurations, and cryptocurrency wallets, attackers can quickly pivot from a single compromised package to broader organizational access.

Organizations should immediately identify whether any affected Jscrambler versions were installed and assume exposed credentials have been compromised.