NPM Supply Chain Attack: Gluestack Packages Infected with Sneaky RAT Malware!
A supply chain attack has hit NPM, compromising 16 Gluestack “react-native-aria” packages, including the popular react-native-aria/focus. These packages, with almost a million weekly downloads, now contain malicious code acting as a remote access trojan. As the trojan takes control, it seems Gluestack is still hitting the snooze button.

Hot Take:
**_Well, if you ever needed an excuse to stop saying “there’s an app for that,” now you have it. With nearly a million weekly downloads of compromised packages, it looks like RATs aren’t just scuttling around your attic anymore; they’re having a cyber fiesta in your NPM packages. Gluestack’s packages are so popular, even hackers couldn’t resist an RSVP._**

Key Points:
– Sixteen popular Gluestack “react-native-aria” packages were compromised with malicious code that acts as a remote access trojan (RAT).
– The attack began on June 6, with 950,000 weekly downloads affected, reaching a tech-savvy audience faster than cat videos on YouTube.
– Aikido Security discovered the attack, noting the malicious code is heavily obfuscated and dressed to impress with extra spaces for stealth.
– The trojan is capable of executing various commands, including changing directories and uploading files, thanks to its stellar remote control skills.
– The same threat actors have been linked to previous NPM compromises, making them the cyber equivalent of a repeat offender.
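
The "extra spaces for stealth" point above suggests a simple check defenders can run over installed package files: flag any line where code follows an unusually long run of whitespace, which is how a payload gets pushed out of view in an editor or diff. The script below is an added example, not code from Aikido Security or Gluestack; it assumes the padding is a run of spaces or tabs on a single line, and the 200-character threshold, the function name and the sample input are all constructed for illustration.

```javascript
// Added example: find code hidden behind long whitespace runs in JS source.
// MIN_PAD is an assumed threshold, not a value taken from the original report.
const MIN_PAD = 200;

// Returns one record per suspicious spot: a run of >= minPad spaces/tabs
// that is followed by more text on the same line (trailing whitespace is ignored).
function findPaddedCode(source, minPad = MIN_PAD) {
  const hits = [];
  const runs = /[ \t]+/g;
  source.split(/\r?\n/).forEach((text, i) => {
    runs.lastIndex = 0;
    let m;
    while ((m = runs.exec(text)) !== null) {
      const end = m.index + m[0].length;
      if (m[0].length >= minPad && end < text.length) {
        hits.push({
          line: i + 1,          // 1-based line number
          column: end + 1,      // 1-based column where the hidden text starts
          pad: m[0].length,     // size of the whitespace run
          snippet: text.slice(end, end + 60),
        });
      }
    }
  });
  return hits;
}

// Constructed sample: a harmless statement pushed 400 columns to the right.
const SAMPLE = [
  'export function useFocus() {',
  '  return true;' + ' '.repeat(400) + 'globalThis.__constructed_marker__ = 1;',
  '}   ',
].join('\n');

// CLI use: node scan.js <file.js> [more files...]
if (typeof require !== 'undefined' && typeof module !== 'undefined' &&
    require.main === module) {
  const fs = require('fs');
  for (const file of process.argv.slice(2)) {
    for (const h of findPaddedCode(fs.readFileSync(file, 'utf8'))) {
      console.log(`${file}:${h.line}:${h.column} pad=${h.pad} ${h.snippet}`);
    }
  }
}
```

A hit is a prompt for manual review, not proof of compromise; minified bundles and generated code can also contain long whitespace runs.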