ShellCodeX Intelligence Brief
HIGH
Open Source
Jscrambler npm package compromised with infostealer backdoor
Source headline: Hackers backdoor Jscrambler npm package with infostealer malware
Threat level
High
Signal strength
75/100
Source confidence
1 source
Published
2 days ago
Intelligence Summary
A threat actor published a malicious version of the Jscrambler npm package. Security researchers report the package has been downloaded nearly 1,500 times before removal. The backdoored release embeds infostealer malware to target users who install it. This affects developers and anyone building web applications using the compromised dependency. If you use Jscrambler in your npm workflow, review your installed versions and lockfile to ensure only trusted releases are used.
Recommended Action
Review affected assets, schedule urgent remediation, and monitor related indicators.
Topics
Original reporting
BleepingComputer
Hackers backdoor Jscrambler npm package with infostealer malware
Open original source