AI Security AI安全 7h ago Updated 1h ago 更新于 1小时前 49

Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install 被篡改的 jscrambler 8.14.0 npm 版本在安装期间投放 Rust 信息窃取器

The npm package `jscrambler` version 8.14.0 was compromised with a preinstall hook that executes a cross-platform Rust infostealer. The malware targets developer environments, stealing cloud credentials, crypto wallet seeds, session tokens, and AI coding tool API keys. On Linux, the payload demonstrates advanced capabilities by loading eBPF programs directly into the kernel for persistent footholds. The attack exploited the window between npm 12's release (which disables install scripts by defau npm 包 `jscrambler` 的 8.14.0 版本被植入恶意代码,安装时通过 `preinstall` 钩子释放并执行跨平台 Rust 信息窃取器。 该恶意软件专门针对开发者环境,窃取云凭证、加密货币钱包、浏览器会话及 AI 编码工具(如 Cursor、VS Code)的 API 密钥。 攻击者利用 npm 账户或构建管道漏洞绕过正常发布流程,且在 npm 12 默认禁用安装脚本前仅三天发布,极具针对性。 尽管已发布干净版本 8.15.0,但恶意版本 8.14.0 未被下架,锁定该版本的系统仍面临持续风险。

75
Hot 热度
65
Quality 质量
70
Impact 影响力

Analysis 深度分析

TL;DR

  • The npm package jscrambler version 8.14.0 was compromised with a preinstall hook that executes a cross-platform Rust infostealer.
  • The malware targets developer environments, stealing cloud credentials, crypto wallet seeds, session tokens, and AI coding tool API keys.
  • On Linux, the payload demonstrates advanced capabilities by loading eBPF programs directly into the kernel for persistent footholds.
  • The attack exploited the window between npm 12's release (which disables install scripts by default) and older clients that still execute them automatically.
  • While version 8.15.0 was released to replace the malicious one, version 8.14.0 remains available on npm, posing ongoing risks to pinned dependencies.

Why It Matters

This incident highlights the critical vulnerability of supply chain attacks targeting developer tooling, specifically leveraging the high-privilege context of CI/CD pipelines and local build environments. It serves as a stark reminder that even minor utility packages can become vectors for sophisticated, multi-platform espionage, particularly when attackers focus on stealing API keys and cloud credentials rather than just financial theft. Furthermore, the timing relative to npm 12's security updates underscores the importance of upgrading package managers and enforcing strict dependency verification protocols.

Technical Details

  • Delivery Mechanism: A preinstall hook in jscrambler@8.14.0 executes setup.js, which detects the OS, extracts a corresponding native binary from a disguised intro.js container, and runs it in the system temp directory with hidden output.
  • Payload Capabilities: The Rust-based infostealer collects AWS/Azure/GCP credentials, MetaMask/Phantom/Exodus wallet data, Bitwarden vaults, browser cookies, and config files for AI tools like Cursor, VS Code, and Claude Desktop.
  • Advanced Persistence: On Linux, the binary links to the BPF library to load eBPF programs into the kernel memory, providing a deep system foothold beyond standard userspace file access.
  • Anti-Analysis & C2: Windows and macOS builds include anti-debugging checks and establish persistence via hidden scheduled tasks and LaunchAgents. Command-and-control traffic uses TLS and Tor infrastructure, with hardcoded IPs identified by security researchers.
  • Scope: The package sees approximately 15,800 weekly downloads. The attack bypassed normal GitHub release flows, suggesting a compromised maintainer account or build pipeline.

Industry Insight

  • Dependency Pinning & Verification: Organizations must audit lockfiles for any reference to jscrambler@8.14.0 and immediately migrate to 8.15.0 or 8.13.0. Implementing automated dependency scanning that flags unusual install scripts or binary bundling in JS packages is essential.
  • Privilege Separation in CI/CD: Since build environments hold high-value secrets, CI/CD pipelines should operate with least-privilege principles. Regular rotation of cloud keys and AI tool API keys should be treated as a baseline operational procedure, not a reactive measure.
  • Package Manager Adoption: The near-simultaneous release of npm 12 and this attack illustrates the value of adopting security-by-default configurations. Teams should prioritize upgrading to package managers that disable arbitrary script execution by default to mitigate similar preinstall hook attacks.

TL;DR

  • npm 包 jscrambler 的 8.14.0 版本被植入恶意代码,安装时通过 preinstall 钩子释放并执行跨平台 Rust 信息窃取器。
  • 该恶意软件专门针对开发者环境,窃取云凭证、加密货币钱包、浏览器会话及 AI 编码工具(如 Cursor、VS Code)的 API 密钥。
  • 攻击者利用 npm 账户或构建管道漏洞绕过正常发布流程,且在 npm 12 默认禁用安装脚本前仅三天发布,极具针对性。
  • 尽管已发布干净版本 8.15.0,但恶意版本 8.14.0 未被下架,锁定该版本的系统仍面临持续风险。

为什么值得看

此事件揭示了供应链攻击正从大规模广撒网转向高价值、精准打击开发者基础设施的策略,特别是针对包含敏感密钥的 CI/CD 环境。它凸显了即使主流包管理器加强安全限制(如 npm 12 的新策略),历史遗留版本和锁定文件仍可能成为持久威胁,提醒从业者必须严格审查依赖变更及清理缓存。

技术解析

  • 攻击向量:恶意载荷嵌入在 dist/intro.js 中,伪装成 JS 文件实则包含三个平台的原生二进制文件(Linux, Windows, macOS)。安装脚本 setup.js 根据操作系统提取对应二进制,写入临时目录并隐藏执行。
  • 窃取范围:目标包括 AWS/Azure/GCP 元数据端点、MetaMask/Phantom 等加密钱包、Bitwarden 密码库以及 Claude Desktop、Cursor、Zed 等 AI 编程工具的配置文件和 MCP 服务器凭据。
  • 高级特性:Linux 版本利用 eBPF 库加载内核级程序以获取持久立足点;Windows 和 macOS 版本具备反调试功能,并通过隐藏的计划任务和 LaunchAgent 实现重启后持久化。
  • 网络通信:二进制文件将窃取的数据通过 TLS 发送至硬编码的 IP 地址及 Tor 基础设施,命令与控制细节在静态分析中保持加密。

行业启示

  • 依赖锁定与缓存管理至关重要:仅更新 package.json 不够,必须清理 node_modules 和锁文件中的恶意版本,防止旧版本残留导致持续感染。
  • CI/CD 环境是高危靶区:构建环境通常拥有最高权限和大量密钥,供应链攻击应优先监控 CI 日志中的异常进程启动和临时文件写入行为。
  • 安全补丁的滞后性风险:即使官方发布了修复版本,若未强制下架恶意版本,依赖特定版本的自动化流水线仍会持续遭受攻击,需建立主动的版本下架监控机制。

Disclaimer: The above content is generated by AI and is for reference only. 免责声明:以上内容由 AI 生成,仅供参考。

Security 安全 Open Source 开源