THREATOPS
THREAT OPSThreat News › Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install

Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install

lowthehackernewsPublished 2026-07-11

The jscrambler npm package was compromised, and simply installing its 8.14.0 release runs an infostealer on your machine. Published on July 11, 2026, the malicious version carries a preinstall hook that drops and executes a native binary, one build each for Windows, macOS, and Linux.

Socket flagged the release six minutes after it was published. If you or one of your

Original source: https://thehackernews.com/2026/07/compromised-jscrambler-8140-npm-release.html