jscrambler 8.14.0 npm hijack: Rust stealer on install
Malicious jscrambler 8.14.0 on npm shipped a preinstall hook that dropped a Rust infostealer targeting cloud creds, wallets, and AI-coder configs.
A malicious release of the jscrambler npm package went live earlier
today and stayed live long enough for anyone on a latest-tracking
install to pull it. If you or your CI ran npm install jscrambler
between publish and now, treat the host as compromised and rotate.
Socket caught version 8.14.0 six minutes after
it hit the registry on July 11, 2026, per The Hacker
News.
The compromised release is the plain jscrambler package — the
JavaScript obfuscation and anti-tamper SDK — pulling roughly 15,800
weekly downloads before the incident. Two new files landed under
dist/ alongside the legitimate build: a small setup.js loader and
a ~7.8 MB intro.js that carried native Rust binaries for Linux,
Windows, and macOS. preinstall in package.json pointed at
setup.js. That is the entire trigger — no import call, no CLI
invocation. npm install with the default allowScripts behavior
was enough.
The next clean release, 8.15.0, is already up. The malicious 8.14.0 had not been unpublished at time of writing — the registry entry was still resolvable, which means a pinned or lockfile-frozen install targeting 8.14.0 will still pull the payload until npm removes it.
What the payload does
setup.js picks the right binary out of intro.js for the host OS,
writes it under a random name to the system temp directory, marks it
executable, and detaches it. The stealer then walks the host for:
- Cloud provider credentials — AWS, Azure, Google Cloud
- Cryptocurrency wallets — MetaMask, Phantom, Exodus
- Password managers and browser storage — Bitwarden, browser passwords and cookies
- Chat and platform sessions — Discord, Slack, Telegram, Steam
- Config files for AI coding tools — Claude Desktop, Cursor, Windsurf
Exfiltration goes to two hardcoded C2 IPs and also touches Tor project infrastructure — the C2 IPs and file hashes are in the IOC block below.
The AI-coder-config bit is the newer piece and worth calling out on its own. Those files carry MCP server tokens, API keys for whatever providers you’ve wired the assistant into, and in some cases session material for whatever the assistant is authenticated against. Treat any developer laptop that ran the bad install as a laptop whose AI assistant’s credentials are also gone.
How this got into the registry
Not established. The Hacker News notes 8.14.0 was pushed straight to npm “under a legitimate maintainer account, bypassing the project’s normal release flow.” Whether that means the maintainer’s npm credentials were stolen, an OTP was phished, or a build system was intruded is not yet public. Same shape as the Shai-Hulud worm, the chalk / debug maintainer takeover, and the Axios push earlier this year — the delivery detail changes, the maintainer-account weak point does not.
What to do
1. Grep every lockfile. package-lock.json, yarn.lock,
pnpm-lock.yaml, bun.lock. Any resolution to jscrambler@8.14.0
is a hit — whether or not you actually reinstalled today, if the
lockfile pins to it and you regenerate, you’re pulling the payload.
Confirm the current pin is 8.15.0 or 8.13.0, and lock it there.
2. Assume compromise on any host that did npm install jscrambler
today. CI runners, developer laptops, staging build boxes.
“Compromise” here means: dump running processes, look for the
random-named binary in the OS temp directory (matching the hashes
below), and rotate every credential the stealer’s target list covers
— AWS/Azure/GCP tokens, browser-stored passwords, MetaMask and other
wallet seeds, Discord/Slack/Telegram sessions, and yes, your AI
assistant’s API keys and MCP tokens.
3. Turn install scripts off if you haven’t already. npm 12
shipped on 2026-07-08 and defaults allowScripts to off — the exact
class of preinstall trigger this attack used doesn’t run under
that default. If you’re on npm 12 with the new default, the payload
never fired. If you’re pinned to an older npm or you re-enabled
scripts, you got the full experience. Coverage of the npm 12 change:
our writeup from Saturday
morning.
4. If your CI has secrets scoped narrower than “the whole cloud account,” this is the day you get to be grateful. If it doesn’t, this is the day you fix it. Long-lived AWS access keys or GCP service-account JSON pasted into environment variables are exactly what a stealer’s warehouse tools like this to grab. Move CI to OIDC federation now, not next quarter.
Indicators of compromise
Hashes and network indicators from the Socket analysis, republished by The Hacker News. Defanged where relevant:
SHA-256:
dist/setup.js—a742de963f14a92d24ebcbc7b44ac867e23a20d31d1b0094a13a4f83287f4e60dist/intro.js—a41a523ef9517aab37ed6eea0ec881821bdcb7aefcb5c5f603adc7907f868c86- Linux payload —
fbbcf4d8f98168f78f5c0c47a9ae56d59ec8ac84a7c9ca6b797fedfb8d62d2bd - Windows payload —
b7ca95d1b23c8e67416a25cedf741de0917c2096bbc9d24649eea7853d054903 - macOS payload —
c8fd47d36bdf7c825378593ab82ed8c24d1dc52e26b507812393e24e1d5201fd
C2 (defanged):
37.27.122[.]12457.128.246[.]79
The payload also reaches check.torproject[.]org and
archive.torproject[.]org — legitimate hosts, but their appearance
alongside the two C2 IPs above is a useful correlation signal in
outbound-connection logs from a build box that should not be talking
to Tor infrastructure for any normal reason.
Priority call
Grep your lockfiles for jscrambler@8.14.0 before you do anything
else this hour. If you find it: rotate credentials from every
compromised host, and pin to 8.15.0 (or hold at 8.13.0). If you
don’t find it: get npm 12 rolled out on developer machines and CI
runners this week, because the next one of these will land the same
way.
The honest timeline: six minutes from publish to Socket flagging it
is fast, but the window between “malicious version live on npm” and
“widely detected” always ships some poison to somebody. If your
answer to “did any CI job or laptop hit npm install jscrambler
today” is “I don’t know,” find out before end of day.
Sources
- Ravie Lakshmanan. Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install. The Hacker News, 2026-07-11.
- Socket. socket.dev — original detection source cited by The Hacker News; full technical writeup expected on Socket’s blog.
- Related coverage: npm 12 turns install scripts off by default, 2026-07-11. Injective Labs SDK npm compromise (July 10).
Found this useful? Share it.


