---Advertisement---

Jscrambler npm Supply Chain Attack Drops Rust Infostealer on Developer Machines

By xploitzone
July 13, 2026 2:35 PM
---Advertisement---

A compromised npm credential let attackers push five malicious jscrambler versions between 8.14.0 and 8.20.0 delivering a cross platform Rust infostealer targeting AWS Azure GitHub Claude Desktop and crypto wallet credentials from developer machines and CI runners.

Consider running a CI pipeline build on Friday afternoon expecting nothing more than a routine code obfuscation step and watching it quietly steal your AWS production keys your GitHub deploy tokens your Claude Desktop API credentials and every cryptocurrency wallet on that machine before you ever noticed anything unusual happened. That exact scenario became real for any developer or CI environment that pulled jscrambler version 8.14.0 between its publication at an unknown time on July 11 2026 and its eventual replacement.

How the Jscrambler Attack Worked

Socket flagged the release six minutes after it appeared on npm which represents one of the fastest detections of a supply chain attack on record. Despite that speed the window between publication and detection means any automated build system that pulled the package in those minutes already executed the payload with whatever access that build process carried.

Socket flagged the release six minutes after it appeared on npm…

The malicious releases span five versions across approximately three hours of attacker activity. Versions 8.14.0 8.16.0 and 8.17.0 carried the payload inside a preinstall hook meaning npm install triggered the malware automatically on older npm clients. Versions 8.18.0 and 8.20.0 changed delivery by moving the dropper into the package main code and CLI so that importing or running the package fired the payload regardless of whether npm install was run with the ignore scripts flag.

This progression reveals the attacker adapting in real time as they pushed additional versions during the same session. Version 8.15.0 published between the first two malicious releases appears clean and sits on neither Socket nor Jscrambler’s affected version lists.

The malicious versions added two files under the dist directory that appear nowhere in Jscramblers public GitHub repository. The file setup.js acts as a small loader and intro.js despite suggesting a JavaScript file actually contains three gzip compressed native binaries roughly 7.8 megabytes total covering Linux Windows and macOS. On install setup.js identifies the host operating system writes the appropriate binary under a random name in the system temp directory marks it executable and launches it detached with output hidden from any visible terminal session.

The payload itself is a Rust built infostealer designed specifically around the access that developer machines and CI runners carry. Target categories include cloud credentials from AWS Azure and Google Cloud including the metadata endpoints that CI runners use for token retrieval cryptocurrency wallets and seed phrases from MetaMask Phantom and Exodus the Bitwarden password manager vault browser stored passwords and cookies and Discord Slack Telegram and Steam sessions.

The stealer also targets something more specific to the 2026 developer environment namely the configuration files for AI coding tools including Claude Desktop Cursor Windsurf VS Code and Zed where API keys and Model Context Protocol server credentials typically live.

The Linux build adds a capability beyond credential theft by linking the kernel BPF library and loading an eBPF program straight into the kernel from memory rather than relying purely on userspace file access. This represents a kernel level foothold significantly beyond what a typical npm supply chain payload achieves.

The Windows and macOS builds add anti debugging checks and both platforms wire in persistence mechanisms specifically a hidden Windows scheduled task set to relaunch every minute and a macOS LaunchAgent that reloads on login. Command and control details stay encrypted inside the binary and never surfaced during static analysis though StepSecurity’s runtime monitoring observed connections to two hardcoded IP addresses and Tor infrastructure.

StepSecurity Network Events showing blocked Tor connections from the compromised Jscrambler npm package

Jscrambler Supply Chain Impact Detection And Mitigation Guide

Jscrambler confirmed the root cause as a compromised npm publishing credential rather than any breach of its internal source code or build pipeline. The attacker pushed five malicious versions using that credential bypassing the project’s normal release flow entirely. Jscrambler says its forensic investigation remains ongoing and confirms the intrusion touched only the jscrambler package for its Code Integrity product leaving other products unaffected.

StepSecurity Threat Center alert for compromised Jscrambler npm package version 8.14.0

The downstream impact matters particularly because jscrambler functions as a build time tool commonly installed as a development dependency or used inside CI pipelines. Those environments hold exactly what the stealer collects. A single successful execution on a CI runner exposes every cloud key deploy token and source repository credential that runner holds rather than just the credentials of a single human user account.

Threat Center executive summary for compromised jscrambler npm package version 8.14.0

Any developer or organization that ran npm install involving jscrambler between July 11 2026 and the release of the clean version 8.22.0 should treat every secret accessible from that machine or runner as already stolen. Rotating cloud keys npm and GitHub tokens and AI tool and MCP API keys stands as the minimum required response.

Revoking Discord Slack browser and Bitwarden sessions and moving any cryptocurrency funds off wallets that existed on the affected machine also remains necessary given the stealer’s explicit targeting of those resources.

Detection should focus on install timestamps rather than binary names since the dropped payload uses a random name in the system temp directory. Correlating npm install logs for [email protected] through 8.20.0 with Node child process spawning from temp directories during that window provides the most reliable artifact trail.

On Windows checking Task Scheduler for hidden tasks and on macOS checking the LaunchAgents directory for unfamiliar plists covers the persistence layer. Blocking the two command and control IP addresses 37.27.122.124 and 57.128.246.79 and monitoring for connections to Tor infrastructure provides network layer defense for any machine that may have run the payload.

This incident follows a pattern of escalating npm supply chain attacks through 2025 and 2026 where the Shai-Hulud worm spread through install hooks in September 2025 chalk and debug got taken over through a phished maintainer account to reroute cryptocurrency payments and in March 2026 a hijacked account pushed a cross platform trojan into Axios which carries more than 83 million weekly downloads.

The timing remains notable because npm 12 shipped on July 8 three days before this release with dependency install scripts disabled by default which would have blocked the preinstall vector entirely for developers running the newer client.

xploitzone

Exploring the world of cybersecurity through in depth analysis of vulnerabilities,data breaches and emerging threats. Delivering real insights technical breakdowns and bug bounty discoveries for security enthusiasts and researchers.

Join Twitter

Join Now

Join Telegram

Join Now

Leave a Comment