Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install

Read full story on The Hacker News
Share
Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install
AI disclosure

Summary

The jscrambler npm package was compromised, and simply installing its 8.14.0 release runs an infostealer on your machine. Published on July 11, 2026, the malicious version carries a preinstall hook that drops and executes a native binary, one build each for Windows, macOS, and Linux. Socket flagged the release six minutes after it was published. If you or one of your

Original reporting

Open original source

Related coverage

Read full article on The Hacker News

Get the AFBytes Brief

Major stories, AI-assisted analysis, and what to watch next. Free, monthly, unsubscribe anytime.