SECURITYBLEEPING COMPUTER
Hackers backdoor Jscrambler npm package with infostealer malware
A threat actor published a malicious version of the Jscrambler npm package, which was downloaded almost 1,500 times. Jscrambler, a client-side web security company, disclosed the breach.
Related Signal
Adjacent reporting
- Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install
- Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
- New IronWorm malware hits 36 packages in npm supply-chain attack
- Mini Shai-Hulud returns, compromising hundreds of npm packages
- Leaked Shai-Hulud malware fuels new npm infostealer campaign
- Cache-poisoning caper turns TanStack npm packages toxic