Full Report
Version 8.14.0 of the jscrambler npm package shipped with a malicious preinstall hook that silently drops and runs a native infostealer during installation, one build each for Windows, macOS, and Linux. Published on July 11, 2026, it needs no import and no CLI call. Installing 8.14.0 is enough to run it. Socket flagged the release six minutes after it was
Analysis Summary
# Incident Report: Compromised jscrambler npm Release (v8.14.0)
## Executive Summary
On July 11, 2026, version 8.14.0 of the popular `jscrambler` npm package was released containing a malicious preinstall hook. This hook automatically executed a cross-platform Rust-based infostealer designed to exfiltrate developer credentials, cloud keys, and AI configuration files. The incident highlights a sophisticated supply chain attack targeting high-value development environments and CI/CD pipelines.
## Incident Details
- **Discovery Date:** July 11, 2026 (6 minutes after publication)
- **Incident Date:** July 11, 2026
- **Affected Organization:** Users of the `jscrambler` npm package
- **Sector:** Software Development / Technology
- **Geography:** Global
## Timeline of Events
### Initial Access
- **Date/Time:** July 11, 2026
- **Vector:** Software Supply Chain Compromise
- **Details:** A malicious version (8.14.0) of the `jscrambler` package was published to the npm registry. It included a `preinstall` hook in `package.json` that triggered upon installation.
### Lateral Movement
- **Details:** The malware attempts to escalate privileges and establish persistence on the infected host. It specifically targets cloud metadata endpoints (AWS, Azure, GCP) used by CI/CD runners to potentially pivot into cloud infrastructure.
### Data Exfiltration/Impact
- **Details:** The Rust-based infostealer sweeps the machine for:
- Cloud credentials (AWS, Azure, Google Cloud).
- Cryptocurrency wallets (MetaMask, Phantom, Exodus).
- Browser passwords, cookies, and session tokens (Slack, Discord, Telegram).
- AI tool configurations (Claude Desktop, Cursor, VS Code, Windsurf) containing API keys.
- Data is sent to a remote drop server via TLS.
### Detection & Response
- **Detection:** Socket’s automated monitoring flagged the release within six minutes of publication due to the suspicious preinstall hook and bundled binaries.
- **Response:** Security researchers analyzed the binaries; the maintainers subsequently released version 8.15.0 (clean) to supersede the malicious version.
## Attack Methodology
- **Initial Access:** Compromised npm registry release (potentially via stolen tokens or CI/CD breach).
- **Persistence:** Included code for maintaining access on the host system.
- **Privilege Escalation:** Native binaries included routines for elevated execution.
- **Defense Evasion:** Used `setup.js` to pick a platform-specific binary, renamed it randomly in the temp directory, and ran it detached with hidden output. Sensitive strings were individually encrypted.
- **Credential Access:** Scraped browser storage, configuration files, and environment variables.
- **Discovery:** Swept for specific application directories (AI tools, wallets, cloud CLI configs).
- **Collection:** Aggregated secrets and session tokens into a central payload.
- **Exfiltration:** Data transmitted over encrypted TLS connections.
- **Impact:** Compromise of developer identity and cloud infrastructure access.
## Impact Assessment
- **Financial:** Potential theft of cryptocurrency and unauthorized cloud resource usage.
- **Data Breach:** High-severity theft of authentication tokens, API keys, and session cookies.
- **Operational:** Compromise of CI/CD pipelines and automated build environments.
- **Reputational:** Erosion of trust in third-party development dependencies.
## Indicators of Compromise
- **Network Indicators:** Encrypted TLS traffic to unknown/unverified drop servers (URLs/IPs were not specified in the source but should be monitored).
- **File Indicators:**
- `dist/setup.js` (Loader)
- `dist/intro.js` (~7.8MB Gzip container)
- Randomly named executable in system `%TEMP%` or `/tmp`.
- **Behavioral Indicators:** `npm install` triggering unauthorized outbound TLS connections; creation of detached background processes during package installation.
## Response Actions
- **Containment:** Users must immediately stop using version 8.14.0.
- **Eradication:** Remove `[email protected]` from `package-lock.json` or `yarn.lock`. Audit and rotate all secrets (AWS, Azure, AI API keys) handled by affected machines.
- **Recovery:** Update to version 8.15.0 or rollback to 8.13.0.
## Lessons Learned
- **Script Execution:** Install-time scripts remain a massive surface for supply chain attacks.
- **Timing:** Even a six-minute detection window is enough for automated malware to exfiltrate targeted secrets from CI/CD runners.
- **Targeting:** Attackers are increasingly moving from general credential theft to targeting AI development tools and Model Context Protocol (MCP) credentials.
## Recommendations
- **Upgrade npm:** Use npm 12+ where `ignore-scripts` is the default behavior.
- **Lockfile Security:** Use tools to audit lockfiles for versions flagged as malicious.
- **Principle of Least Privilege:** Ensure CI/CD runners have restricted access to sensitive cloud metadata and credentials.
- **Dependency Pinning:** Use specific versions and verify hashes where possible.