jscrambler npm package publishes malicious preinstall binary
On July 11, 2026, version 8.14.0 of jscrambler was published to npm carrying a malicious preinstall hook that drops and executes a platform-specific native binary on Linux, Windows, and macOS…
Read the full articleYou might also wanna read
Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install
The jscrambler npm package was compromised, and simply installing its 8.14.0 release runs an infostealer on your machine. Published on July
Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install
The jscrambler npm package was compromised, and simply installing its 8.14.0 release runs an infostealer on your machine. Published on July
Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install
The jscrambler npm package was compromised, and simply installing its 8.14.0 release runs an infostealer on your machine. Published on July
MAL-2026-10187: Malicious code in jscrambler (npm)
The jscrambler npm package versions 8.14.0, 8.16.0, 8.18.0, and 8.20.0 contain malicious code. The main entry script executes a hidden paylo
Official jscrambler npm Package Compromised at 8.14.0
The official jscrambler npm package (60K monthly downloads) was trojanized at version 8.14.0 through an account or CI compromise. A new prei
jscrambler npm Package Compromised in Supply Chain Attack
The jscrambler npm package was compromised in a supply chain attack with malicious versions released on July 11, 2026. These versions (8.14.

Comments
Sign in to join the conversation.
No comments yet. Be the first.