A supply chain attack has compromised multiple versions of Jscrambler's NPM package, involving the unauthorized publication of malicious code that executes harmful binaries during installation. The initial incident began on July 11, with malicious versions identified as 8.16, 8.17, 8.18, and 8.20, which resulted in 1,479 downloads before being deprecated.
The malware targets sensitive information on developer machines, including credentials and cryptocurrency wallets, and can escalate privileges and maintain persistence. Jscrambler has revoked compromised credentials and strengthened their publishing process. Users are advised to remove the affected packages and secure their credentials.