Key takeaways in 90 seconds:
Credential Theft: Attackers hijacked Jscrambler credentials on NPM to release versions 8.14.0 through 8.20.0 with malicious hooks.
Rust Infostealer: The compromise uses an undocumented preinstall hook to execute a native, cross-platform Rust-based binary payload.
AI Tool Targeting: The malware scans for local folder configurations of Cursor and Claude Desktop, harvesting API keys and developer history.
Structural Flaw: NPM lifecycle scripts execute arbitrary binaries with the same local permissions as the developer running npm install.
Remediation: Upgrade to Jscrambler 8.22.0, enforce ignore-scripts in your global npmrc, and sandbox dependency installations.
[link] [comments]