Supply chain malware targeting npm and PyPI packages

Cybersecurity experts have uncovered a significant supply chain attack affecting numerous packages associated with GlueStack, enabling the distribution of malware. This malware, introduced through changes to "lib/commonjs/index.js," allows attackers to execute shell commands, capture screenshots, and upload files from compromised devices. Aikido Security reports that these packages collectively receive nearly 1 million downloads weekly.

The unauthorized access could lead to various malicious activities, including cryptocurrency mining, data theft, and service disruptions. The first instance of this compromise was detected on June 6, 2025.

The affected packages include:

@gluestack-ui/utils version 0.1.16 @gluestack-ui/utils version 0.1.17 @react-native-aria/button version 0.2.11 @react-native-aria/checkbox version 0.2.11 @react-native-aria/combobox version 0.2.8 @react-native-aria/disclosure version 0.2.9 @react-native-aria/focus version 0.2.10 @react-native-aria/interactions version 0.2.17 @react-native-aria/listbox version 0.2.10 @react-native-aria/menu version 0.2.16 @react-native-aria/overlay version 0.3.16 @react-native-aria/radio version 0.2.14 @react-native-aria/slider version 0.2.13 @react-native-aria/switch version 0.2.5 @react-native-aria/tabs version 0.2.14 @react-native-aria/toggle version 0.2.12 @react-native-aria/utils version 0.2.13 The malicious code resembles a remote access trojan previously delivered through the npm package "rand-user-agent," indicating a possible connection between the threat actors. This trojan has been updated to include commands for gathering system information and retrieving the public IP address.

In response, project maintainers have revoked access tokens and deprecated the compromised versions. Users are advised to revert to secure versions to mitigate risks, as the malware's persistence mechanism allows attackers to maintain access even after updates.

Malicious npm Packages Introduce Destructive Features In a related finding, Socket has identified two malicious npm packages—express-api-sync and system-health-sync-api—that masquerade as legitimate utilities but contain destructive wipers capable of erasing entire application directories. These packages were published by the account "botsailer" and were downloaded 112 and 861 times, respectively, before being removed.

The express-api-sync package claims to synchronize data between databases but executes malicious code upon receiving a specific HTTP request, triggering a command that deletes all files in the current directory. The second package functions as both an information stealer and a wiper, adjusting its deletion commands based on the operating system.

These packages utilize email as a covert communication channel, sending sensitive information to an attacker-controlled mailbox. The use of SMTP for data exfiltration is particularly concerning, as it can evade detection by firewalls.

PyPI Package Masquerades as Instagram Growth Tool to Steal Credentials Additionally, a new Python-based credential harvester named imad213 has been discovered on the Python Package Index (PyPI), posing as an Instagram growth tool. This package has been downloaded 3,242 times and employs Base64 encoding to hide its true purpose. It prompts users for their Instagram credentials and sends them to multiple third-party bot services.

The package was uploaded by a user known as IMAD-213, who has also uploaded other malicious packages targeting various social media platforms. The README.md document for imad213 misleadingly claims the library is for "educational and research purposes."

Once activated, the malware checks a control file and prompts users for their credentials, which are then saved and sent to dubious websites. This trend highlights the growing concern of credential laundering, where stolen logins are distributed across multiple services to obscure their origin.

In summary, the recent discoveries of malware in npm and PyPI ecosystems underscore the increasing sophistication of supply chain attacks, posing significant risks to developers and users alike.