A supply chain attack has impacted the jscrambler npm package after attackers gained access to a legitimate npm publishing credential and pushed multiple malicious versions containing a cross-platform infostealer.
The first malicious release, [email protected], was published on July 11, 2026, and executed malware during installation through a malicious preinstall script. Later versions evolved to execute malware even when install scripts were disabled.
Affected Versions
- 8.14.0
- 8.16.0
- 8.17.0
- 8.18.0
- 8.20.0
Safe Version
- ✅ 8.22.0 (recommended)
- ✅ 8.15.0 appears clean, but upgrading to 8.22.0 is strongly advised
What the Malware Does
The malicious package drops and executes a native binary for:
- Windows
- macOS
- Linux
The payload is a Rust-based infostealer designed to target developer workstations and CI/CD environments.
Targeted Data
Cloud Credentials
- AWS
- Azure
- Google Cloud
Developer Secrets
- GitHub tokens
- npm tokens
- Deployment credentials
AI Development Tools
- Claude Desktop
- Cursor
- Windsurf
- VS Code
- Zed
- MCP server credentials
- AI API keys
Communication Platforms
- Discord
- Slack
- Telegram
Browsers
- Cookies
- Saved passwords
- Sessions
Password Managers
- Bitwarden
Cryptocurrency Wallets
- MetaMask
- Phantom
- Exodus
- Seed phrases
Advanced Capabilities
Researchers discovered that the Linux payload includes eBPF functionality, potentially enabling kernel-level operations.
Additional features include:
Windows
- Anti-debugging checks
- Hidden scheduled task persistence
- Relaunch every minute
macOS
- Anti-debugging protections
- LaunchAgent persistence
Linux
- eBPF loading capability
- Credential harvesting
Why This Matters
Unlike traditional malware campaigns focused on end users, this operation specifically targets:
- Software developers
- Build servers
- CI/CD pipelines
- DevOps environments
These systems often contain:
- Production credentials
- Cloud access keys
- Source code
- Deployment tokens
- AI platform secrets
A successful compromise can lead directly to broader infrastructure compromise.
Indicators of Compromise (IoCs)
Malicious Package Versions
Command-and-Control Infrastructure
37.27.122[.]124
57.128.246[.]79
Additional Network Activity
check.torproject[.]org
archive.torproject[.]org
SHA-256 Hashes
dist/setup.js
a742de963f14a92d24ebcbc7b44ac867e23a20d31d1b0094a13a4f83287f4e60
dist/intro.js
a41a523ef9517aab37ed6eea0ec881821bdcb7aefcb5c5f603adc7907f868c86
Linux Payload
fbbcf4d8f98168f78f5c0c47a9ae56d59ec8ac84a7c9ca6b797fedfb8d62d2bd
Windows Payload
b7ca95d1b23c8e67416a25cedf741de0917c2096bbc9d24649eea7853d054903
macOS Payload
c8fd47d36bdf7c825378593ab82ed8c24d1dc52e26b507812393e24e1d5201fd
Recommended Actions
Immediate Steps
- Upgrade to jscrambler 8.22.0
- Remove affected versions from lockfiles
- Clear package-manager caches
- Review CI/CD logs for affected versions
- Search for unexpected binaries executed from temporary directories
If a Malicious Version Was Installed
Treat all accessible secrets as compromised and rotate:
- Cloud credentials
- GitHub tokens
- npm tokens
- API keys
- AI platform credentials
- MCP credentials
- Slack sessions
- Discord sessions
- Browser sessions
- Cryptocurrency wallets
Additional Checks
Windows
- Inspect Task Scheduler for hidden tasks
macOS
- Review ~/Library/LaunchAgents
Linux
- Investigate unusual eBPF activity
Conclusion
The Jscrambler incident demonstrates how software supply chain attacks continue to evolve, increasingly targeting developers, CI/CD infrastructure, and AI-enabled environments. By focusing on cloud credentials, deployment secrets, AI tool configurations, and cryptocurrency wallets, attackers can quickly pivot from a single compromised package to broader organizational access.
Organizations should immediately identify whether any affected Jscrambler versions were installed and assume exposed credentials have been compromised.