Several malicious versions of Jscrambler’s NPM package were published in a supply chain attack after a threat actor used compromised publishing credentials. The Rust-based payloads targeted developer and cloud-operator secrets, wallets, browser data, and cloud APIs, affecting dependent packages and prompting urgent cleanup and credential rotation. #Jscrambler #NPM #Socket
Keypoints
- Attackers published malicious Jscrambler NPM packages using compromised publishing credentials.
- The malicious versions included a preinstall hook and additional files that launched platform-specific binaries.
- The payloads were Rust-based information stealers targeting credentials, secrets, wallets, and application data.
- Several dependent packages were also affected, including Jscrambler-webpack-plugin and gulp-Jscrambler.
- Jscrambler revoked credentials, and users were told to remove infected versions and rotate secrets.
Read More: https://www.securityweek.com/multiple-jscrambler-packages-impacted-by-supply-chain-attack/