
Hidden Malware Discovered in jQuery Migrate: A Stealthy Supply Chain Threat

By Trishaan Kalra · June 18, 2025

Introduction

What happens when a trusted open source library becomes a conduit for stealthy malware delivery? That question became reality when security researchers from the Trellix Advanced Research Centre responded to an incident that began as a simple URL inspection. During a routine investigation prompted by unusual online behavior, our team discovered a sophisticated malware infection chain employing a corrupted version of the jQuery Migrate library.

The incident began when a senior executive from one of our enterprise clients accessed a seemingly legitimate Middle Eastern business website:

_hxxps://tabukchamber[.]sa/wp-content/cache/autoptimize/js/autoptimize_979aed35e1d8b90442a7373c2ef98a82[.]js_

Shortly after this visit, a compromised JavaScript file masquerading as the official jquery-migrate-3.4.1.min.js was silently delivered and executed in the background. Upon analysis, we discovered a weaponized version of a reliable library that had been altered using the popular online malware dissemination tool Parrot Traffic Direction System (TDS).

This blog outlines our comprehensive technical analysis of the infected file, the behavior of the injected malware, how Parrot TDS was used as a delivery mechanism, and what organizations should do to protect themselves.

Background: What is jQuery Migrate?

jQuery is one of the most widely adopted…

