#Malware found in #NPM packages with 1 million weekly downloads (mastodon.thenewoil.org)

submitted 1 month ago by thenewoil@mastodon.thenewoil.org to c/cybersecurity@fedia.io

1 comments fedilink hide all child comments

#Malware found in #NPM packages with 1 million weekly downloads

https://www.bleepingcomputer.com/news/security/supply-chain-attack-hits-gluestack-npm-packages-with-960k-weekly-downloads/

#cybersecurity

top 1 comments

sorted by: hot top controversial new old

[-] fraksken@infosec.pub 1 points 1 month ago

A significant supply chain attack hit NPM after 17 popular Gluestack '@react-native-aria' packages with over 1 million downloads were compromised to include malicious code that acts as a remote access trojan (RAT).

BleepingComputer determined that the compromise began on June 6 at 4:33 PM EST, when a new version of the @react-native-aria/focus package was published to NPM. Since then, 17 of the 20 Gluestack @react-native-aria packages have been compromised on NPM, with the threat actors publishing a new version as recently as two hours ago.

this post was submitted on 10 Jun 2025

11 points (100.0% liked)

Cybersecurity

2 readers

4 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Rules

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

founded 2 years ago

MODERATORS

shellsharks@fedia.io

tweedge@fedia.io