The jscrambler npm package version 8.14.0 was compromised to execute an infostealer upon installation. This malicious version, published on July 11, 2026, targets developers' sensitive information, including cloud credentials and cryptocurrency wallets, escalating security risks for users.
The npm package jscrambler version 8.14.0 was found to include a malicious payload that is executed during installation. This version was published on July 11, 2026, and was flagged by Socket just six minutes post-release. It contains additional files that are not present in prior versions, suggesting a significant compromise of the release process.
The malicious release includes a preinstall hook that downloads a native binary appropriate for the user's operating systemβWindows, macOS, or Linux. Each binary is designed to collect sensitive information from a developer's machine and send it to a remote server over TLS.
The infostealer specifically targets cloud credentials from major providers such as AWS, Azure, and Google Cloud, as well as information from cryptocurrency wallets like MetaMask and password managers including Bitwarden. Additionally, it seeks configurations from various AI coding tools, heightening concerns about AI security.
The payload exhibited advanced behavior, including linking to the Linux kernel's BPF library to load eBPF programs into memory, indicating a serious security risk that extends beyond simple data theft. The methodology of how this version was released suggests potential vulnerabilities in npm maintainer security, raising alarms in the developer community.
β¨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β check the original sources. How BrevFeed works β
The jscrambler npm package version 8.14.0 was compromised to execute an infostealer upon installation. This malicious version, published on July 11, 2026, targets developers' sensitive information, including cloud credentials and cryptocurrency wallets, escalating security risks for users.