Jscrambler npm Supply Chain Attack Steals Cloud Credentials and Crypto Wallet Secrets
ID: fdb4f6b3-b4f7-5c3b-9e2b-71a01dd91503
STIX ID: report--fdb4f6b3-b4f7-5c3b-9e2b-71a01dd91503
Feed Name: GBHackers
**Executive summary:** The Jscrambler npm package was compromised and multiple trojanized releases (including 8.16.0, 8.17.0, 8.18.0, 8.20.0 and a maliciously published 8.15.2) contained a hidden cross-platform credential-stealing payload that executed via a malicious preinstall hook or a self-executing dropper, targeting developer machines, CI/CD pipelines, cloud credentials (AWS, GCP, Azure), browser wallets, developer tool configuration, and other sensitive artifacts; the report provides IOCs (file names, SHA-256 hashes), details on delivery and exfiltration, and remediation guidance to remove affected versions, rotate secrets, and upgrade to 8.22.0.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
