Skip to content
feed: live
>_ 0dayNews
supply chain
● Breaking

jscrambler 8.14.0 npm hijack: Rust stealer on install

Malicious jscrambler 8.14.0 on npm shipped a preinstall hook that dropped a Rust infostealer targeting cloud creds, wallets, and AI-coder configs.

fuse Marisol "Fuse" Delgado · Published · 4 min read

A malicious release of the jscrambler npm package went live earlier today and stayed live long enough for anyone on a latest-tracking install to pull it. If you or your CI ran npm install jscrambler between publish and now, treat the host as compromised and rotate.

Socket caught version 8.14.0 six minutes after it hit the registry on July 11, 2026, per The Hacker News. The compromised release is the plain jscrambler package — the JavaScript obfuscation and anti-tamper SDK — pulling roughly 15,800 weekly downloads before the incident. Two new files landed under dist/ alongside the legitimate build: a small setup.js loader and a ~7.8 MB intro.js that carried native Rust binaries for Linux, Windows, and macOS. preinstall in package.json pointed at setup.js. That is the entire trigger — no import call, no CLI invocation. npm install with the default allowScripts behavior was enough.

The next clean release, 8.15.0, is already up. The malicious 8.14.0 had not been unpublished at time of writing — the registry entry was still resolvable, which means a pinned or lockfile-frozen install targeting 8.14.0 will still pull the payload until npm removes it.

What the payload does

setup.js picks the right binary out of intro.js for the host OS, writes it under a random name to the system temp directory, marks it executable, and detaches it. The stealer then walks the host for:

  • Cloud provider credentials — AWS, Azure, Google Cloud
  • Cryptocurrency wallets — MetaMask, Phantom, Exodus
  • Password managers and browser storage — Bitwarden, browser passwords and cookies
  • Chat and platform sessions — Discord, Slack, Telegram, Steam
  • Config files for AI coding tools — Claude Desktop, Cursor, Windsurf

Exfiltration goes to two hardcoded C2 IPs and also touches Tor project infrastructure — the C2 IPs and file hashes are in the IOC block below.

The AI-coder-config bit is the newer piece and worth calling out on its own. Those files carry MCP server tokens, API keys for whatever providers you’ve wired the assistant into, and in some cases session material for whatever the assistant is authenticated against. Treat any developer laptop that ran the bad install as a laptop whose AI assistant’s credentials are also gone.

How this got into the registry

Not established. The Hacker News notes 8.14.0 was pushed straight to npm “under a legitimate maintainer account, bypassing the project’s normal release flow.” Whether that means the maintainer’s npm credentials were stolen, an OTP was phished, or a build system was intruded is not yet public. Same shape as the Shai-Hulud worm, the chalk / debug maintainer takeover, and the Axios push earlier this year — the delivery detail changes, the maintainer-account weak point does not.

What to do

1. Grep every lockfile. package-lock.json, yarn.lock, pnpm-lock.yaml, bun.lock. Any resolution to jscrambler@8.14.0 is a hit — whether or not you actually reinstalled today, if the lockfile pins to it and you regenerate, you’re pulling the payload. Confirm the current pin is 8.15.0 or 8.13.0, and lock it there.

2. Assume compromise on any host that did npm install jscrambler today. CI runners, developer laptops, staging build boxes. “Compromise” here means: dump running processes, look for the random-named binary in the OS temp directory (matching the hashes below), and rotate every credential the stealer’s target list covers — AWS/Azure/GCP tokens, browser-stored passwords, MetaMask and other wallet seeds, Discord/Slack/Telegram sessions, and yes, your AI assistant’s API keys and MCP tokens.

3. Turn install scripts off if you haven’t already. npm 12 shipped on 2026-07-08 and defaults allowScripts to off — the exact class of preinstall trigger this attack used doesn’t run under that default. If you’re on npm 12 with the new default, the payload never fired. If you’re pinned to an older npm or you re-enabled scripts, you got the full experience. Coverage of the npm 12 change: our writeup from Saturday morning.

4. If your CI has secrets scoped narrower than “the whole cloud account,” this is the day you get to be grateful. If it doesn’t, this is the day you fix it. Long-lived AWS access keys or GCP service-account JSON pasted into environment variables are exactly what a stealer’s warehouse tools like this to grab. Move CI to OIDC federation now, not next quarter.

Indicators of compromise

Hashes and network indicators from the Socket analysis, republished by The Hacker News. Defanged where relevant:

SHA-256:

  • dist/setup.jsa742de963f14a92d24ebcbc7b44ac867e23a20d31d1b0094a13a4f83287f4e60
  • dist/intro.jsa41a523ef9517aab37ed6eea0ec881821bdcb7aefcb5c5f603adc7907f868c86
  • Linux payload — fbbcf4d8f98168f78f5c0c47a9ae56d59ec8ac84a7c9ca6b797fedfb8d62d2bd
  • Windows payload — b7ca95d1b23c8e67416a25cedf741de0917c2096bbc9d24649eea7853d054903
  • macOS payload — c8fd47d36bdf7c825378593ab82ed8c24d1dc52e26b507812393e24e1d5201fd

C2 (defanged):

  • 37.27.122[.]124
  • 57.128.246[.]79

The payload also reaches check.torproject[.]org and archive.torproject[.]org — legitimate hosts, but their appearance alongside the two C2 IPs above is a useful correlation signal in outbound-connection logs from a build box that should not be talking to Tor infrastructure for any normal reason.

Priority call

Grep your lockfiles for jscrambler@8.14.0 before you do anything else this hour. If you find it: rotate credentials from every compromised host, and pin to 8.15.0 (or hold at 8.13.0). If you don’t find it: get npm 12 rolled out on developer machines and CI runners this week, because the next one of these will land the same way.

The honest timeline: six minutes from publish to Socket flagging it is fast, but the window between “malicious version live on npm” and “widely detected” always ships some poison to somebody. If your answer to “did any CI job or laptop hit npm install jscrambler today” is “I don’t know,” find out before end of day.

Sources

Found this useful? Share it.