Compromised jscrambler 8.14.0 npm Release Risks Developer Secrets with Malicious Infostealer
A serious security breach has been identified in the jscrambler npm package, specifically in version 8.14.0, which was released on July 11, 2026. This version contains a malicious preinstall hook that enables the package to execute a native infostealer during installation, impacting users across Windows, macOS, and Linux platforms. The ramifications of this incident are significant, particularly for developers who depend on this tool for their build processes.
Overview of the Incident
The compromised version of jscrambler was flagged by the security firm Socket just six minutes after its release. The malicious payload executes without requiring any imports or command-line interface (CLI) calls, meaning that simply installing version 8.14.0 is enough for the attack to occur. If any build systems integrated this version during that brief window, the malicious code would have run with the same access privileges as the installation process.
Analysis of the package revealed the addition of two new files in the dist/ directory: setup.js, a small loader, and intro.js, which contains a 7.8MB container of three gzip-compressed native binaries designed for the three operating systems. Upon installation, setup.js selects the appropriate binary for the host OS, assigns it a random name in the system’s temporary directory, marks it executable, and launches it in a detached state, effectively concealing its output.
Lack of Transparency in Source Code
The newly added files are present in the published package but are missing from jscrambler’s public source code repository. Reports from StepSecurity and SafeDep confirmed that there are no corresponding commits, tags, or pull requests for version 8.14.0 in the GitHub repository, which still lists version 8.13.0 as the latest. This version was uploaded directly to npm under a legitimate maintainer account, bypassing the project’s standard release protocols, raising concerns about a potentially compromised npm account or build pipeline.
Nature of the Malicious Payload
The payload has been identified as a Rust-based infostealer capable of extracting sensitive information from developer machines and transmitting it to a remote server over TLS. The targeted data includes cloud credentials from AWS, Azure, and Google Cloud, as well as metadata endpoints used by continuous integration (CI) runners. Additionally, it can access cryptocurrency wallets and seed phrases from popular services like MetaMask, Phantom, and Exodus, along with the vault of the Bitwarden password manager.
The infostealer also scrapes browser-stored passwords and cookies, as well as session data from platforms such as Discord, Slack, Telegram, and Steam. It specifically targets configuration files for AI coding tools, including Claude Desktop, Cursor, Windsurf, VS Code, and Zed, where API keys and Model Context Protocol server credentials are often stored.
The capabilities of the binaries extend beyond conventional data theft. On Linux systems, the payload links to the kernel’s BPF library, allowing it to load an eBPF program directly into the kernel from memory. This grants it a foothold in the kernel, rather than relying solely on user-space file access. Both StepSecurity and SafeDep have flagged this capability, although the specific functions of the eBPF program remain under investigation.
The Windows and macOS versions of the payload include anti-debugging checks and establish persistence mechanisms to survive system reboots. This includes a hidden Windows scheduled task set to relaunch every minute and a macOS LaunchAgent that reloads upon user login.
Command-and-Control Infrastructure
The command-and-control (C2) details remain encrypted within the binary and were not revealed during static analysis. However, StepSecurity’s runtime monitoring detected the dropped binary attempting to connect to two hard-coded IP addresses and to Tor infrastructure, marking the first network indicators associated with this campaign.
As a build-time tool, jscrambler is typically installed as a development dependency or executed from CI environments. This places the infostealer directly into the environment it was designed to exploit, targeting cloud keys, deploy tokens, and source code accessible during the build or CI process.
The package sees approximately 15,800 downloads weekly, although the exact number of users who installed the compromised version remains uncertain. This figure is significantly smaller than the download counts for other npm packages that have been compromised in recent months, which often reach billions of downloads weekly.
Historical Context of npm Supply-Chain Attacks
This incident is part of a broader trend of npm supply-chain attacks that have been occurring since late 2025. The Shai-Hulud worm, for example, exploited an install hook to steal tokens and proliferated through hundreds of packages. Additionally, widely used packages like chalk and debug were compromised through a phished maintainer account, which redirected cryptocurrency payments.
In March 2026, a hijacked account introduced a cross-platform trojan into Axios, an HTTP library with over 83 million weekly downloads. The timing of this incident is particularly notable, as npm had recently implemented measures to mitigate such risks. On July 8, just three days before the release of version 8.14.0, npm 12 was launched, disabling automatic execution of dependency install scripts.
In npm 12, a preinstall hook like the one used in version 8.14.0 will not run unless explicitly approved by the user. However, older clients continue to execute these hooks automatically.
Mitigation Steps
In light of the discovery of the malicious payload, users are advised to take immediate action:
-
Upgrade: Transition to version 8.15.0 or revert to version 8.13.0, which predates the incident. Ensure that jscrambler@8.14.0 is removed from lockfiles and caches.
-
Audit: Determine whether version 8.14.0 was installed. Review lockfiles and package manager logs for jscrambler@8.14.0, and check CI records for any executions of dist/setup.js from July 11 onward. The loader drops its payload under a random name, so it is essential to align installation timestamps with Node child processes and temp-directory executions. On Windows, inspect Task Scheduler for hidden tasks; on macOS, examine ~/Library/LaunchAgents for any unfamiliar plist files.
-
Rotate Secrets: If version 8.14.0 was executed on a machine, treat all accessible secrets as compromised. Rotate cloud keys, npm and GitHub tokens, and API keys for AI tools and Model Context Protocol. Revoke sessions for Discord, Slack, browsers, and Bitwarden, and transfer any cryptocurrency out of wallets on affected hosts. Additionally, block the identified command-and-control IP addresses.
The cleanup process must be swift, as the infostealer operates within seconds of installation. Version 8.14.0 remains available on npm, meaning that any build pinned to it on older clients that execute install scripts will continue to run the malicious payload.
Indicators of Compromise
The malicious package identified is jscrambler@8.14.0. Below are the SHA-256 hashes for the added files and their decompressed payloads:
dist/setup.js: a742de963f14a92d24ebcbc7b44ac867e23a20d31d1b0094a13a4f83287f4e60dist/intro.js: a41a523ef9517aab37ed6eea0ec881821bdcb7aefcb5c5f603adc7907f868c86- Linux payload: fbbcf4d8f98168f78f5c0c47a9ae56d59ec8ac84a7c9ca6b797fedfb8d62d2bd
- Windows payload: b7ca95d1b23c8e67416a25cedf741de0917c2096bbc9d24649eea7853d054903
- macOS payload: c8fd47d36bdf7c825378593ab82ed8c24d1dc52e26b507812393e24e1d5201fd
Network endpoints observed at runtime include:
- C2 IP: 37.27.122[.]124
- C2 IP: 57.128.246[.]79
- Tor infrastructure: check.torproject[.]org, archive.torproject[.]org
On-host artifacts include a randomly named hidden file in the system temp directory (.{random}, or .{random}.exe on Windows), along with a hidden Windows scheduled task or a macOS LaunchAgent for persistence.
For ongoing coverage and breaking updates, visit our Latest News section.
Published on 2026-07-11 23:11:00 • By the Editorial Desk

