Home/News/Hackers Backdoor Jscrambler npm Package With Infostealer
BleepingComputer2 min read

By Interestana AI Editorial — AI-drafted, human-overseen. How we report

Hackers Backdoor Jscrambler npm Package With Infostealer

Jscrambler, a web security company, disclosed on May 23, 2024, that a threat actor successfully compromised its npm package. The malicious version of the Jscrambler package was published by the attacker and has since been downloaded approximately 1,500 times. This compromised package contained infostealer malware, designed to steal sensitive information from users.

The company stated that the malicious code was introduced into the package through a compromised dependency. Jscrambler's security team identified the threat and immediately took action to remove the malicious version from the npm registry. They also initiated an investigation to determine the full scope of the compromise and to identify any potential impact on users.

Jscrambler has since released a clean version of the package and is advising all users to update to the latest version as soon as possible. The company is also enhancing its security protocols to prevent similar incidents from occurring in the future. The incident highlights the ongoing risks associated with supply chain attacks in the software development ecosystem, where vulnerabilities in third-party dependencies can be exploited by malicious actors.

Original source — read the full reporting at the publisher:

Read on BleepingComputer

Get the weekly AI digest

AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.

Read next