Friday, 12 September 2025
Trending
Why Are Rabbits Sprouting Tentacles? How to protect yourself from Vibrio vulnificus, the bacteria found in some coastal waters Hurricane Erin tracker: Latest path, maps for 1st hurricane of Atlantic season This Anker 3-in-1 wireless charging station is down to a record-low price Pediatric group issues COVID-19 vaccine guidance for kids, which differs from CDC
Celebrities

Lola Young is 'more empathetic' since battling addiction

1
0
Share
US Politics

National Guard heading to Memphis as Trump expands anti-crime efforts

0
0
Share
Technology

A deeper dive into the iPhone 17 and iPhone Air

1
0
Share
Technology

Microsoft escapes EU antitrust fine after unbundling Teams

5
0
Share
News

Colorado River can't keep up with demand, a new study says, and needs immediate help

6
0
Share
Technology

Apple Watch Series 11 receives FDA approval for hypertension alerts

6
0
Share
Science

Sunrise over NASA's 'quiet' supersonic X-59 jet photo of the day for Sept. 12, 2025

1
0
Share
Finance

Microsoft resolves European Union probe into Teams

2
0
Share
Technology

Man gets over 4 years in prison for selling unreleased movies

10
0
Share
Science

Scientists develop 'full-spectrum' 6G chip that could transfer data at 100 gigabits per second — 10,000 times faster than 5G

6
0
Share
Fashion

Ed Sheeran launches fashion collection

9
0
Share
Technology

HBO Max is going to get more expensive

10
0
Share
Fashion

Naomi Ackie downsizing her wardrobe

7
0
Share
Health

Schumer warns of a shutdown if Republicans don’t accept Democrats’ health care demands

6
0
Share
US Politics

FEMA worker put on leave for slamming half-staff honor for Charlie Kirk

7
0
Share
News

German and British Hospitals Show Promise for Tech Adoption

1
0
Share
Entertainment

Joel Edgerton admits he ‘never thought of myself as talented’

9
0
Share
US Politics

Mamdani holds large lead over Cuomo, rest of field, in NYC mayoral race

8
0
Share
US Politics

Trans locker room fight in Virginia escalates to federal court after families sue

8
0
Share
World News

At least 89 Christians slaughtered by ISIS-linked terrorists in DR Congo

8
0
Share
Science

NASA’s JWST Hunts Dark Matter in Stunning Image of Bullet Cluster

5
0
Share
Entertainment

Biffy Clyro to play intimate London concert to mark release of new album Futique

1
0
Share
Automotive

Toyota turns to Huawei and Xiaomi for new bZ7 electric sedan in China

8
0
Share
World News

South African rapist loses bid to block Netflix film about his life

7
0
Share
Science

Never-before-seen adorable pink bumpy snailfish with funny little beard filmed in deep canyon off California coast

9
0
Share
Celebrities

Shaquille O'Neal 'checks in on 'Kobe Bryant's mom every month

8
0
Share
Celebrities

Bryan cranston encouraged to try magic mushrooms by Seth Rogen

9
0
Share
Celebrities

Benson Boone seemingly hints at Maggie Thurmon split

9
0
Share
Celebrities

Liam Hemsworth and Gabrielle Brooks engaged

7
0
Share
Science

New 'quasi-moon' discovered in Earth orbit may have been hiding there for decades

8
0
Share

Technology

Supply chain attack hits Gluestack NPM packages with 960K weekly downloads

13
Share
NPM

A significant supply chain attack hit NPM after 16 popular Gluestack ‘react-native-aria’ packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT).

BleepingComputer determined that the compromise began on June 6 at 4:33 PM EST, when a new version of the react-native-aria/focus package was published to NPM. Since then, 16 of the 20 Gluestack react-native-aria packages have been compromised on NPM, with the threat actors publishing a new version as recently as two hours ago.

Ongoing compromise of NPM packages
Ongoing compromise of NPM packages
Source: BleepingComputer

The supply chain attack was discovered by cybersecurity firm Aikido Security, who discovered obfuscated code injected into the lib/index.js file for the following packages:


















Package Name Version Weekly Downloads
react-native-aria/button 0.2.11 51,000
react-native-aria/checkbox 0.2.11 81,000
react-native-aria/combobox 0.2.10 51,000
react-native-aria/disclosure 0.2.9 3
react-native-aria/focus 0.2.10 100,000
react-native-aria/interactions 0.2.17 125,000
react-native-aria/listbox 0.2.10 51,000
react-native-aria/menu 0.2.16 22,000
react-native-aria/overlays 0.3.16 96,000
react-native-aria/radio 0.2.14 78,000
react-native-aria/switch 0.2.5 477
react-native-aria/toggle 0.2.12 81,000
react-native-aria/utils 0.2.13 120,000
gluestack-ui/utils 0.1.17 55,000
react-native-aria/separator 0.2.7 65
react-native-aria/slider 0.2.13 51,000

These packages are very popular, with approximately 960,000 weekly downloads, making this a supply chain attack that could have widespread consequences.

The malicious code is heavily obfuscated and is appended to the last line of source code in the file, padded with many spaces, so it’s not easily spotted when using the code viewer on the NPM site.

Malicious code added to end of index.js file
Malicious code added to end of index.js file
Source: BleepingComputer

Aikido told BleepingComputer that the malicious code is nearly identical to a remote access trojan in another NPM compromise they discovered last month.

The researcher’s analysis of the previous campaign explains that the remote access trojan will connect to the attackers’ command and control server and receive commands to execute.

These commands include:

  • cd – Change current working directory

  • ss_dir – Reset…

Click Here to Read the Full Original Article at BleepingComputer…

13
Share