Signal

Jscrambler npm packages compromised in supply chain attack deploying infostealer malware

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-07-13 17:29 UTCUpdated 2026-07-14 09:04 UTC
rss
supply_chain_attackmalwarenpminfostealerbreachdeveloper_security
Trend in the last 24h
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
No card needed for the free brief.
Evidence trail (top sources)
top sources (3 domains)domains are deduped. counts indicate coverage, not truth.
3 top sources shown
Jscrambler npm Breach Exposes Developers to Malware
BankInfoSecurity · News · bankinfosecurity.com · 2026-07-13 21:48 UTC
Overview

Multiple versions of Jscrambler's npm packages, including version 8.14.0, were compromised in a supply chain attack that injected a malicious preinstall hook.

Entities
Jscrambler
Score total
1.2
Momentum 24h
3
Posts
3
Origins
3
Source types
1
Duplicate ratio
0%
Why now
  • The attack was recently discovered affecting multiple Jscrambler package versions including 8.14.0.
  • Malicious versions were actively released using compromised publishing credentials.
  • Developers using these packages need immediate awareness and remediation steps.
Why it matters
  • Supply chain attacks on npm packages can compromise developer environments and downstream software.
  • Harvested credentials and source code pose risks of further exploitation and intellectual property theft.
  • Evolving malware delivery methods increase difficulty of detection and mitigation.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: medium
Recurring claims
  • Jscrambler npm package version 8.14.0 contained a malicious infostealer via a preinstall hook
  • Attackers used compromised npm credentials to release five malicious versions of Jscrambler's Code Integrity package deploying a Rust-based infostealer
  • Multiple Jscrambler npm packages were impacted by the supply chain attack dropping a cross-platform credential stealer
How sources frame it
  • BankInfoSecurity: neutral
  • SC Media: neutral
  • SecurityWeek: neutral
All evidence
All evidence
Multiple Jscrambler Packages Impacted by Supply Chain Attack
SecurityWeek · securityweek.com · 2026-07-14 09:04 UTC
Jscrambler npm Breach Exposes Developers to Malware
BankInfoSecurity · bankinfosecurity.com · 2026-07-13 21:48 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 3Origin domains: 3Duplicates: -
Showing 3 / 0
Top publishers (this list)
  • SecurityWeek (1)
  • BankInfoSecurity (1)
  • SC Media (1)
Top origin domains (this list)
  • securityweek.com (1)
  • bankinfosecurity.com (1)
  • scworld.com (1)