www.securityweek.com 7/14/2026, 9:10:27 AM · external

Malicious Jscrambler NPM update steals credentials, crypto keys

Malicious Jscrambler NPM update steals credentials, crypto keys
CyberSIXT Evidence Panel
Primary Source jscrambler.com

A supply chain attack has compromised multiple versions of Jscrambler's NPM package, involving the unauthorized publication of malicious code that executes harmful binaries during installation. The initial incident began on July 11, with malicious versions identified as 8.16, 8.17, 8.18, and 8.20, which resulted in 1,479 downloads before being deprecated.

The malware targets sensitive information on developer machines, including credentials and cryptocurrency wallets, and can escalate privileges and maintain persistence. Jscrambler has revoked compromised credentials and strengthened their publishing process. Users are advised to remove the affected packages and secure their credentials.

View Primary Source Via www.securityweek.com

Article by CyberSIXT