Two Popular Coding Tools Poisoned With Malware in Back-to-Back Supply Chain Attacks

Criminals hijacked developer credentials to slip malicious code into widely used JavaScript packages, putting any computer that installed them at serious risk.

ThreatVectr Newsdesk· 3 min read
Extreme close-up of a glowing green terminal screen filled with cascading lines of package dependency text and vulnerability identifiers, shot from a low angle
Share

Key points

  • Attackers published at least nine poisoned versions of JavaScript packages across the AsyncAPI and Jscrambler projects between 11 July and 15 July 2025.
  • The AsyncAPI breach began at 05:08 UTC on 15 July when criminals used a known flaw in an automated build process to steal a secret token and push malicious code.
  • The Jscrambler breach started 11 July after attackers obtained a publishing credential, though exactly how that credential was stolen remains unclear.
  • The malware embedded in both sets of packages targets saved browser passwords, cryptocurrency wallets, SSH keys (digital keys used to log into servers), and cloud credentials for services including AWS, Azure, and Google Cloud.
  • Security researchers say any developer machine that installed a poisoned package should be completely rebuilt from scratch, and all passwords, tokens, and keys used on that machine should be changed immediately.

Two open-source software projects that many professional software developers rely on were each secretly loaded with malware within days of each other, in what security teams are calling a pair of software supply chain attacks. A supply chain attack is when criminals target the tools or ingredients a developer uses to build software, rather than attacking the finished product directly. Poisoning a popular package is efficient: one successful attack can reach thousands of developers at once.

The affected packages are distributed through npm, which is a free online library where developers download ready-made code to use in their own projects. Criminals inserted hidden malicious code into specific versions of packages belonging to AsyncAPI, an open-source toolkit used to design certain types of software connections, and Jscrambler Code Integrity, a security library used to protect web and mobile applications.

How did the hackers get in?

The two attacks used different doors. For AsyncAPI, criminals exploited a configuration weakness in GitHub Actions, the automated system that tests and publishes code changes. The flaw, which had been reported back in April and had a proposed fix sitting unreviewed since May, meant that when anyone submitted a code change for review, the automated system would run that code with full access to the project's secret passwords and keys. At 05:08 UTC on 15 July, an attacker submitted an innocent-looking text file that actually contained hidden JavaScript code buried under roughly 1,000 blank characters. That hidden code grabbed a service account's secret token and used it to push malicious code into two project repositories, which then automatically built and published the poisoned npm packages.

For Jscrambler, the entry point was simpler: criminals somehow obtained a credential that allowed direct publishing to npm. Jscrambler confirmed this in its public advisory but has not yet explained how the credential was exposed.

The malware hidden inside the packages, which shares some code patterns with a known framework called Miasma, downloads a second-stage program targeting Linux, Windows, and macOS computers equally. According to analysis first reported by CSO Online and confirmed by researchers at Socket.dev, Wiz, and Upwind, the payload hunts for browser-saved passwords, cryptocurrency wallet extensions, API keys from AI coding tools, cloud account credentials, messaging app tokens for services like Discord and Slack, and SSH keys.

The poisoned package versions are: jscrambler 8.14.0, 8.16.0, 8.17.0, 8.18.0, and 8.20.0; @asyncapi/generator-helpers 1.1.1; @asyncapi/generator-components 0.7.1; @asyncapi/generator 3.3.1; and @asyncapi/specs 6.11.2. Secondary packages that list these as dependencies, including jscrambler-webpack-plugin 8.6.2 and gulp-jscrambler 8.6.2, may also carry the infection.

If you are a developer who installed any of these versions, researchers advise rebuilding your machine entirely from a clean backup and rotating every credential that machine ever touched.

© 2026 Threat Vectr