<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Infostealer on CuraSec</title><link>https://curasec.metacog.co.kr/tags/infostealer/</link><description>Recent content in Infostealer on CuraSec</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Sun, 12 Jul 2026 11:56:34 +0000</lastBuildDate><atom:link href="https://curasec.metacog.co.kr/tags/infostealer/index.xml" rel="self" type="application/rss+xml"/><item><title>jscrambler 8.14.0 npm Supply-Chain Compromise Drops Infostealer</title><link>https://curasec.metacog.co.kr/insights/2026-07-12-compromised-jscrambler-8-14-0-npm-release-drops-rust-infoste/</link><pubDate>Sun, 12 Jul 2026 11:56:34 +0000</pubDate><guid>https://curasec.metacog.co.kr/insights/2026-07-12-compromised-jscrambler-8-14-0-npm-release-drops-rust-infoste/</guid><description>&lt;ul>
&lt;li>&lt;strong>Engineer — Act:&lt;/strong> A preinstall hook in jscrambler 8.14.0 drops and executes a cross-platform native infostealer — this is live supply-chain compromise. Audit all CI/CD pipelines and developer machines for installs of this exact version, remove or pin away from 8.14.0, and treat any affected environment as potentially credential-compromised.&lt;/li>
&lt;li>&lt;strong>SOC/IR — Act:&lt;/strong> Hunt for jscrambler 8.14.0 installs in npm audit logs, CI runner job histories, and artifact caches since July 11, 2026; on affected endpoints look for unexpected native binary drops or executions spawned from the npm install process, as infostealer data exfiltration may have already occurred.&lt;/li>
&lt;li>&lt;strong>Leader — Act:&lt;/strong> Confirm this week whether jscrambler 8.14.0 reached any company build pipeline or developer workstation; if so, treat as a credential-theft incident — initiate credential rotation and brief relevant stakeholders, since infostealers harvest tokens, SSH keys, and secrets stored on the machine.&lt;/li>
&lt;/ul></description></item></channel></rss>