How a hijacked npm preinstall hook delivered a silent infostealer
A hijacked npm package used a preinstall hook to drop a cross-platform Rust infostealer, exposing risks in unattended and AI-agent-driven installs.
In July 2026, publish credentials for jscrambler, a widely used commercial JavaScript obfuscation package, were compromised, and five malicious versions shipped over roughly three hours. None matched any commit or release in the project's public GitHub repo, indicating attackers had control of the release pipeline rather than the maintainers' source.
The attack abused package.json's preinstall lifecycle script, chaining to a loader that unpacked a multi-platform container holding separate Linux, Windows, and macOS binaries. The Rust-based payload targeted browser credential stores, crypto wallets, and Bitwarden vaults, then established persistence and exfiltrated data over Tor. A scanner called Socket flagged the malicious versions within about six minutes of publication, but most developers and CI pipelines don't run equivalent tooling.
The incident is a pointed warning for AI-driven development workflows, where agents run npm install as one step among many and no human reviews the output. Agent machines often hold real browser sessions from automation tools, making them prime targets for exactly this kind of credential theft. The practical takeaway: auditing existing install scripts, using --ignore-scripts deliberately rather than blanket-disabling it, and pinning and verifying dependencies are no longer optional hygiene but necessary controls, especially since some payload variants moved execution into runtime code to bypass script-blocking flags entirely.