ShellCodeX
Tools • Events • News • Insights
ShellCodeX Intelligence Brief
HIGH Open Source

Jscrambler npm package compromised with infostealer backdoor

Source headline: Hackers backdoor Jscrambler npm package with infostealer malware

Threat level High
Signal strength 75/100
Source confidence 1 source
Published 2 days ago

Intelligence Summary

A threat actor published a malicious version of the Jscrambler npm package. Security researchers report the package has been downloaded nearly 1,500 times before removal. The backdoored release embeds infostealer malware to target users who install it. This affects developers and anyone building web applications using the compromised dependency. If you use Jscrambler in your npm workflow, review your installed versions and lockfile to ensure only trusted releases are used.

Recommended Action

Review affected assets, schedule urgent remediation, and monitor related indicators.

Topics

#supply-chain #malware #npm #backdoor #infostealer #jscrambler
Original reporting BleepingComputer Hackers backdoor Jscrambler npm package with infostealer malware
Open original source