NPM Nightmare: Gluestack Packages Under Siege in Massive Supply Chain Attack!
A supply chain attack on NPM has compromised 16 Gluestack packages, affecting over 950K weekly downloads. Threat actors injected a Remote Access Trojan, targeting the ‘react-native-aria’ packages. Researchers warn the attack is ongoing, urging users to stay vigilant. It’s like finding a Trojan horse in your horse-drawn app cart.

Hot Take:
Looks like Gluestack’s packages just got a sticky situation—no thanks to the hackers who decided to play Cyber Jenga with their downloads! With 950K weekly downloads at stake, someone definitely needs to get their act together before the entire stack topples over. Time to call in the digital exterminators and rid these packages of their RAT infestation!
Key Points:
- 16 popular Gluestack packages on NPM compromised, affecting over 950K weekly downloads.
- Attackers injected Remote Access Trojan (RAT) into the packages, with malicious updates still ongoing.
- The initial attack began on June 6, targeting the ‘react-native-aria/focus’ package.
- Aikido Security believes the attack is linked to the same threat actors from a previous incident.
- Gluestack has yet to respond to Aikido Security’s notification about the attack.