Jscrambler disclosed that a malicious version of its npm package was published and downloaded 1,479 times before being removed, with the compromise affecting only the jscrambler package used by its Code Integrity product. The package delivered an infostealing payload during the preinstall hook, targeting developer secrets, cloud credentials, AI tool configs, browser data, messaging apps, and cryptocurrency wallets. #Jscrambler #npm
Keypoints
- A malicious Jscrambler npm package was published without authorization.
- The compromised releases were 8.14, 8.16, 8.17, and 8.20.
- The package executed an infostealer during the preinstall hook.
- The malware targeted source code, credentials, cloud secrets, and wallet data.
- Jscrambler revoked publishing credentials and released safe version 8.22.