Jscrambler's official npm package trojanised to drop a Rust infostealer on install
Attackers pushed five malicious releases of the widely used jscrambler npm package under its legitimate maintainer account, each running a preinstall hook that dropped a cross-platform Rust infostealer onto developers' machines.
- Victim
- Jscrambler