ShellCodeX
Tools • Events • News • Insights
ShellCodeX Intelligence Brief
HIGH Open Source

Poisoned Jscrambler npm packages distribute a cross-platform credential stealer

Source headline: Multiple Jscrambler Packages Impacted by Supply Chain Attack

Threat level High
Signal strength 75/100
Source confidence 1 source
Published 1 day ago

Intelligence Summary

A supply chain incident targeted multiple Jscrambler NPM package versions. A threat actor poisoned the packages so that installations could drop a cross-platform credential stealer. The malware is designed to collect sensitive credentials across different environments. Because Jscrambler is used in JavaScript build workflows, the risk extends to any project that pulls the affected versions. Developers should review dependency versions and rotate any exposed credentials if compromise is suspected.

Recommended Action

Review affected assets, schedule urgent remediation, and monitor related indicators.

Topics

#supply-chain #npm #malicious-package #jscrambler #credential-stealer
Original reporting SecurityWeek Multiple Jscrambler Packages Impacted by Supply Chain Attack
Open original source