Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install

Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install
The jscrambler npm package version 8.14.0 was compromised with a preinstall hook that drops a Rust infostealer for Windows, macOS, and Linux, targeting developer secrets, cloud credentials, wallets, and AI tool config files. The malicious release was published directly to npm from a legitimate maintainer account, and users who installed it may have already exposed sensitive data before 8.15.0 replaced it. #jscrambler #npm #ShaiHulud

Keypoints

  • jscrambler 8.14.0 was published with a malicious preinstall hook.
  • The package dropped native payloads for Windows, macOS, and Linux.
  • The infostealer targeted cloud keys, wallets, browser data, and developer sessions.
  • It also collected AI coding tool configs and MCP credentials.
  • 8.14.0 was pushed outside the normal release flow and remains risky in lockfiles and caches.

Read More: https://thehackernews.com/2026/07/compromised-jscrambler-8140-npm-release.html