Supply Chain Attack: jscrambler npm Package Compromised, Targeting Wallets, AI Tools, Cloud Credentials
- Package compromised: Socket Research Team reported that [email protected] shipped a malicious preinstall hook running hidden native binaries.
- Broad targeting: The Rust-built infostealer hunts crypto wallets, AI coding tool configs, cloud credentials, and messaging apps.
- Safe version: Jscrambler confirmed a credential-based compromise; version 8.22.0 is clean and safe to use.
A compromised release of the popular jscrambler npm package introduced hidden native binaries that execute automatically during npm install, exposing users to a supply chain attack before any application code runs.
The malicious 8.14.0 version added an undocumented preinstall hook that invokes dist/setup.js. That loader reads an obfuscated CSI container roughly 7.8 MB in size, containing cross-platform, Rust-built infostealers for Linux x86-64, Windows x86-64, and macOS arm64.
Compromised jscrambler Release Ships Hidden Binaries
It drops and silently launches the binary matching the victim's operating system into a randomly named file in the system temp directory. None of these files exist in the prior clean release, 8.13.0, the July 11, 2026, Socket Research Team report said. The package receives roughly 15,800 downloads per week, and Socket detected the compromise just 6 minutes after publication.
The timing appears deliberate: npm 12 shipped July 8, 2026, disabling install scripts by default, and this attack landed three days later, exploiting the long tail of older npm clients that still run preinstall hooks automatically.
Extensive Credential Harvesting Surface
The infostealer targets browser-extension crypto wallets, AI coding tools, cloud credentials, and messaging apps, including:
- MetaMask,
- Phantom,
- Exodus,
- TrustWallet,
- Coinbase Wallet,
- Bitwarden password manager vault,
- Claude Desktop,
- Cursor,
- Windsurf,
- AWS,
- GCP,
- Azure,
- Discord,
- Slack,
- Telegram.
Campaign Evolution and Evasion Tactics
The same threat actor pushed additional malicious releases, 8.16.0, 8.17.0, 8.18.0, and 8.20.0, over roughly three hours. Beginning with 8.18.0, the delivery shifted away from the preinstall hook.
The identical dropper was instead injected as a self-executing function at the top of dist/index.js and dist/bin/jscrambler.js, firing on import or CLI use. This deliberately defeats scanners that inspect only install scripts and survives npm install --ignore-scripts.
Mitigation
Jscrambler confirmed the unauthorized publication, stating the attacker used a stolen npm publishing credential, and said the intrusion was limited to the jscrambler package for its Code Integrity product. The company rotated its credentials, hardened its publishing pipeline, and deprecated the affected releases.
Version 8.15.0, published in between, was confirmed clean. Version 8.22.0 is clean and safe to use. The malicious versions were deprecated. Affected users should:
- Remove [email protected],
- Rotate any credentials accessible to affected development or CI environments,
- Review installation logs for the execution of dist/setup.js,
- Revert to a verified clean release,
- Pin to version 8.13.0 or another verified clean release until the maintainers publish a remediation.
Last month, 30+ Red Hat npm packages were compromised by the Shai-Hulud malware variant.







