A recent supply chain attack has compromised the ‘jscrambler’ npm package, a widely used JavaScript code-protection tool with over 15,800 weekly downloads. Malicious versions of the package were published, deploying native malware across Linux, macOS, and Windows systems.
The initial malicious release, [email protected], was detected on July 11, 2026, by the Socket Research Team, just six minutes after its publication. This compromised version included an undocumented preinstall script that executed malicious code automatically when developers ran ‘npm install’, without requiring them to import the package or use its command-line interface.
Subsequent versions—8.16.0, 8.17.0, 8.18.0, and 8.20.0—were also affected. Jscrambler confirmed that an attacker utilized an npm publishing credential to upload these unauthorized releases. In response, the company revoked and rotated publishing credentials, deprecated the compromised versions, and released a clean version, 8.22.0.
Details of the Compromise
In the early malicious releases, attackers inserted a preinstall hook that launched ‘dist/setup.js’. This loader read a disguised binary container named ‘dist/intro.js’, selected a payload based on the victim’s operating system, and wrote it to a hidden temporary file. The loader then executed the payload in the background without displaying output or requiring user interaction. The container included three Rust-based binaries: a Linux ELF file, a Windows PE executable, and a macOS Apple Silicon Mach-O binary.
Starting with version 8.18.0, the attackers removed the install hook and injected the same loader into the package’s main JavaScript files. This modification allowed the malware to execute when an application imported jscrambler or when its CLI was run, effectively bypassing checks focused solely on npm lifecycle scripts.
The malware was designed to steal high-value developer and cloud credentials, targeting browser data, cryptocurrency wallets, Discord, Slack, Telegram, Steam sessions, cloud tokens, and local OS keyrings. It also searched for configuration files used by AI coding tools, including Claude Desktop, Cursor, Windsurf, VS Code, Zed, and MCP server configurations, which can contain API keys and sensitive connection details.
Additionally, the payload attempted to access credentials for AWS, Google Cloud, and Microsoft Azure. It included references to cloud metadata endpoints, secret-management services, Kubernetes APIs, and deployment environments. This poses a significant risk to software developers, as build systems and CI pipelines often contain source code, signing keys, deployment tokens, and production credentials.
To hinder analysis, the malware encrypted configuration strings using ChaCha20-Poly1305 encryption. Researchers also identified network code that appeared to upload stolen data via encrypted TLS connections, using a multipart HTTP request to the ‘/upload’ endpoint.
Organizations are advised to immediately remove affected ‘jscrambler’ versions, audit npm installation and CI logs, and rotate credentials exposed on impacted developer systems and build servers. Users should upgrade to the verified clean version 8.22.0 and review lockfiles for transitive references to compromised versions.
This incident underscores the critical importance of securing software supply chains. A stolen npm publishing credential can transform a trusted developer dependency into a vector for widespread malware distribution. Developers and organizations must implement robust security measures, including regular audits of dependencies, strict access controls, and continuous monitoring of package integrity, to mitigate such risks.