← All stories
● Covered by 1 source Β· 1 reportHigh impact

Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install

Aggregated by BrevFeed security Β· updated 3h ago
πŸ”– Save

The jscrambler npm package version 8.14.0 was compromised to execute an infostealer upon installation. This malicious version, published on July 11, 2026, targets developers' sensitive information, including cloud credentials and cryptocurrency wallets, escalating security risks for users.

Key points

Compromise Details

The npm package jscrambler version 8.14.0 was found to include a malicious payload that is executed during installation. This version was published on July 11, 2026, and was flagged by Socket just six minutes post-release. It contains additional files that are not present in prior versions, suggesting a significant compromise of the release process.

Malicious Payload Functionality

The malicious release includes a preinstall hook that downloads a native binary appropriate for the user's operating systemβ€”Windows, macOS, or Linux. Each binary is designed to collect sensitive information from a developer's machine and send it to a remote server over TLS.

Types of Data Targeted

The infostealer specifically targets cloud credentials from major providers such as AWS, Azure, and Google Cloud, as well as information from cryptocurrency wallets like MetaMask and password managers including Bitwarden. Additionally, it seeks configurations from various AI coding tools, heightening concerns about AI security.

Technical Analysis and Implications

The payload exhibited advanced behavior, including linking to the Linux kernel's BPF library to load eBPF programs into memory, indicating a serious security risk that extends beyond simple data theft. The methodology of how this version was released suggests potential vulnerabilities in npm maintainer security, raising alarms in the developer community.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

Reporting from

The jscrambler npm package version 8.14.0 was compromised to execute an infostealer upon installation. This malicious version, published on July 11, 2026, targets developers' sensitive information, including cloud credentials and cryptocurrency wallets, escalating security risks for users.