Hackers backdoor Jscrambler npm package with infostealer malware
Summary
A malicious version of the Jscrambler npm package was published by a threat actor, containing infostealer malware. This compromised package has been downloaded nearly 1,500 times.
IFF Assessment
FOE
The compromise of a widely used npm package with infostealer malware poses a direct threat to developers and their systems, representing bad news for defenders.
Defender Context
This incident highlights the ongoing risks associated with supply chain attacks targeting popular developer tools like npm packages. Defenders should monitor for the presence of this malicious package within their development environments and ensure robust software composition analysis (SCA) practices are in place to detect compromised dependencies.