Diamond Member ThaHaka 0 Posted Saturday at 05:59 PM Diamond Member Share Posted Saturday at 05:59 PM This is the hidden content, please Sign In or Sign Up Version 8.14.0 of the jscrambler npm package shipped with a malicious preinstall hook that silently drops and runs a native infostealer during installation, one build each for Windows, macOS, and Linux. Published on July 11, 2026, it needs no import and no CLI call. Installing 8.14.0 is enough to run it. Socket flagged the release six minutes after it was This is the hidden content, please Sign In or Sign Up 0 Quote Link to comment https://hopzone.eu/forums/topic/321244-h4ckn3wscompromised-jscrambler-8140-npm-release-drops-rust-infostealer-during-install/ Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.