Five npm versions of jscrambler compromised with Rust info-stealer bypassing --ignore-scripts

The attacker compromised jscrambler's npm account on July 11 and published five malicious versions of the tool used by 43,000 companies including Fortune 500, featuring a Rust info-stealer that captures browser credentials and Bitwarden vaults.
Five versions of the official npm package for jscrambler, a JavaScript obfuscation tool used by over 43,000 companies including Fortune 500 clients, were compromised on July 11 with an info-stealer compiled in Rust that captures saved credentials in browsers and the Bitwarden password manager vault. The attack kept the malicious versions available on npm for approximately three hours. The security platform Socket detected the first compromised version six minutes after its publication.
Five Versions, Two Tactics, One Payload
The versions 8.14.0, 8.16.0, 8.17.0, 8.18.0, and 8.20.0 were published by the attacker interspersed with clean versions pushed by jscrambler maintainers in an attempt at remediation, indicating that control of the account or the CI/CD pipeline was maintained throughout the incident window.
Versions 8.14.0 to 8.17.0 operated via a preinstall hook: when running npm install, the script dist/setup.js extracted a native binary for each operating system (Linux, Windows, and macOS) and executed it silently. Starting with version 8.18.0, the attacker altered the approach. The payload started to be loaded by the main module itself upon import, via dist/index.js and dist/bin/jscrambler.js. This change circumvents npm's --ignore-scripts flag, a parameter adopted by corporate security teams as a barrier against untrusted installation scripts.
What the Info-Stealer Captured
The Rust binary, identical across all five compromised versions, scans the developer's machine for Chromium browser profiles (Chrome, Brave, Edge), local vault data from the Bitwarden extension, and active Steam sessions. The collected information is transmitted to a collection server via TLS. On Windows, the malware established persistence via Task Scheduler; on macOS, via LaunchAgents. Linux machines only received immediate exfiltration, without a persistence mechanism.
According to Socket's analysis, the unauthorized access to jscrambler's npm account or CI/CD pipeline allowed for the publication of versions signed under the legitimate package identity, rendering metadata inspection ineffective.
Why the Vector Directly Affects Financial Production Environments
jscrambler is adopted by companies for JavaScript obfuscation in production and for compliance with PCI DSS v4, the security standard of the payment card industry that requires protection of scripts on checkout pages. With 60,000 monthly downloads on npm, the package routinely circulates in continuous integration pipelines of retailers, banks, and payment processors in the United States and the United Kingdom, two of the markets where PCI DSS v4 has become mandatory in 2025.
The compromise of a code protection tool used by companies in the financial sector represents a second-level vector: the attacker did not invade the end customer, but the tool that the customer uses to protect their own clients. This pattern was documented in SolarWinds (2020), when network monitoring software became a channel for access to U.S. government agencies, and in 3CX (2023), when corporate communication software was trojanized to distribute malware to companies in over 60 countries.
What is Known About the Extent of the Damage
Socket has not disclosed how many organizations installed the compromised versions before their removal. jscrambler had not issued a public statement regarding the number of affected machines by the time this report was published. The five versions were removed from npm within three hours of the incident, but any environment that executed npm install against one of the compromised versions during that period should be treated as compromised until proven otherwise.
Developers who installed versions 8.14.0, 8.16.0, 8.17.0, 8.18.0, or 8.20.0 should immediately rotate saved passwords in Chrome, Brave, and Edge, revoke tokens from Bitwarden, and audit scheduled processes on Windows and LaunchAgents on macOS. The absence of a persistence mechanism on Linux does not equal the absence of damage: exfiltration occurs at the time of installation, before any persistence is needed.