jscrambler npm Package Compromised in Supply Chain Attack
jscrambler npm package compromised, injecting native binaries during install.
Summary
The popular jscrambler npm package, version 8.14.0, was compromised and included hidden native binaries that execute automatically during the npm install process. This supply chain attack targets developer workstations and CI environments, potentially exposing sensitive information like API keys, credentials, and cryptocurrency wallet data. The malicious version was detected six minutes after publication.
Full text
Research/Security NewsFake Braintree NuGet Package Skims Credit Cards and Harvests Merchant CredentialsA malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps. By Joseph Edwards - Jul 09, 2026
Indicators of Compromise
- hash_sha256 — a742de963f14a92d24ebcbc7b44ac867e23a20d31d1b0094a13a4f83287f4e60
- hash_sha256 — a41a523ef9517aab37ed6eea0ec881821bdcb7aefcb5c5f603adc7907f868c86
- hash_sha256 — bba32ddeab075a5e5015eec50f5d2af364c95b848732c714aea6b6baf78f49f0
- hash_sha256 — fbbcf4d8f98168f78f5c0c47a9ae56d59ec8ac84a7c9ca6b797fedfb8d62d2bd
- hash_sha256 — b7ca95d1b23c8e67416a25cedf741de0917c2096bbc9d24649eea7853d054903
- hash_sha256 — c8fd47d36bdf7c825378593ab82ed8c24d1dc52e26b507812393e24e1d5201fd