Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install

Summary

The jscrambler npm package, specifically version 8.14.0, has been compromised. Installing this malicious release executes an infostealer on Windows, macOS, and Linux systems via a preinstall hook. The malicious activity was detected shortly after its publication.

IFF Assessment

FOE

The compromise of a widely used software package to distribute an infostealer poses a direct threat to users and their data.

Defender Context

This incident highlights the ongoing risk of supply chain attacks targeting popular software repositories like npm. Defenders should be vigilant about package integrity and consider implementing stricter vetting processes for third-party dependencies, including automated checks for malicious behavior during installation.

Read Full Story →