Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Microsoft releases Windows 10 KB5099539 extended security update

    July 14, 2026

    Enterprise Asset Management Policy Template for the CIS Controls v8.1 (French)

    July 14, 2026

    Spanish Police take down €140 million cyber fraud ring, arrest four

    July 14, 2026
    Facebook X (Twitter) Instagram
    • Demos
    • Technology
    • Gaming
    • Buy Now
    Facebook X (Twitter) Instagram Pinterest Vimeo
    Canadian Cyber WatchCanadian Cyber Watch
    • Home
    • News
    • Alerts
    • Tips
    • Tools
    • Industry
    • Incidents
    • Events
    • Education
    Subscribe
    Canadian Cyber WatchCanadian Cyber Watch
    Home»News»Hackers backdoor Jscrambler npm package with infostealer malware
    News

    Hackers backdoor Jscrambler npm package with infostealer malware

    adminBy adminJuly 13, 2026No Comments3 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Hackers backdoor Jscrambler npm package with infostealer malware

    The Jscrambler client-side web security company disclosed that a threat actor published a malicious version of its npm package that has been downloaded almost 1,500 times.

    The malicious Jscrambler package spanned releases 8.14, 8.16, 8.17, and 8.20 and included information-stealing malware that executed during the ‘preinstall’ hook.

    “Today, we identified the unauthorized publication of a malicious version of our jscrambler npm package, which is used with our Code Integrity product,” Jscrambler says in a warning on Saturday.

    image

    “This incident was limited to that package and did not affect any other Jscrambler products, including Webpage Integrity,” the company said.

    Although Jscrambler reacted quickly, the malicious package lasted for two hours before the developer deprecated it and released the safe version 8.22.

    The affected package was a dependency for four other Jscrambler packages, which the vendor has also deprecated and replaced with new versions.

    Statistical data from Node Package Manager (npm) shows that the malicious package was downloaded 1,479 times during the two-hour window.

    Jscrambler is a commercial platform for protecting web and mobile JavaScript applications from reverse engineering and tampering.

    Its npm package has 17,000 weekly downloads and enables app developers to upload their JavaScript to Jscrambler’s service to protect the code from alteration. This helps defend against real-time modifications like injecting malicious code.

    Application-security company Socket detected the compromise and analyzed the unauthorized Jscrambler release. The researchers say that the package included an infostealer that targeted multiple types of sensitive data:

    • Source code and project files
    • Developer credentials and secrets (Git, SSH, environment variables, CI/CD tokens)
    • Cloud credentials and secret managers (AWS, Azure, GCP, Kubernetes)
    • AI coding tools and MCP configurations (Claude, Cursor, Windsurf, VS Code, Zed)
    • Cryptocurrency wallets and seed phrases (MetaMask, Phantom, Coinbase, Exodus, Trust Wallet)
    • Browser data (cookies, saved credentials)
    • Messaging and collaboration apps (Slack, Discord, Telegram)

    Socket reports that the malware used strong per-string obfuscation via the ChaCha20-Poly1305 encryption algorithm, which made it difficult to reverse-engineer the code.

    According to Jscrambler, the compromise was possible due to compromised npm publishing credentials, which the company has revoked.

    Following the incident, additional security controls have been implemented for the publishing pipeline.

    Developers who have used the malicious npm packages should treat their environments as compromised, rotate all secrets, and restore from safe backups.

    Jscrambler recommends that customers make sure that they are using the latest version of the product.


    article image

    Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

    The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

    Get the whitepaper



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleJapan’s largest taxi operator shuts systems after cyberattack
    Next Article New CrashStealer malware poses as Apple crash reporting tool
    admin
    • Website

    Related Posts

    News

    Microsoft releases Windows 10 KB5099539 extended security update

    July 14, 2026
    News

    Enterprise Asset Management Policy Template for the CIS Controls v8.1 (French)

    July 14, 2026
    News

    Spanish Police take down €140 million cyber fraud ring, arrest four

    July 14, 2026
    Add A Comment

    Comments are closed.

    Demo
    Top Posts

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202633 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews
    85
    Featured

    Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

    January 15, 2021 Featured
    8.1
    Uncategorized

    A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

    January 15, 2021 Uncategorized
    8.9
    Editor's Picks

    DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

    January 15, 2021 Editor's Picks

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Demo
    Most Popular

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202633 Views
    Our Picks

    Microsoft releases Windows 10 KB5099539 extended security update

    July 14, 2026

    Enterprise Asset Management Policy Template for the CIS Controls v8.1 (French)

    July 14, 2026

    Spanish Police take down €140 million cyber fraud ring, arrest four

    July 14, 2026

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • Home
    • Technology
    • Gaming
    • Phones
    • Buy Now
    © 2026 ThemeSphere. Designed by ThemeSphere.

    Type above and press Enter to search. Press Esc to cancel.