Emergence of New Supply Chain Malware Operation Targeting npm and PyPI Ecosystems Affects Millions Worldwide


Cybersecurity researchers have identified a significant supply chain attack targeting multiple packages associated with GlueStack, which has led to the delivery of malware. The threat was introduced through alterations made to “lib/commonjs/index.js,” granting attackers the ability to execute shell commands, capture screenshots, and upload files from infected devices. This attack affects packages that collectively account for nearly 1 million weekly downloads.

The unauthorized access can facilitate a range of malicious activities, including cryptocurrency mining, information theft, and disruption of services. The initial compromise was detected on June 6, 2025.

The following packages and their affected versions have been identified:

– @gluestack-ui/utils version 0.1.16
– @gluestack-ui/utils version 0.1.17
– @react-native-aria/button version 0.2.11
– @react-native-aria/checkbox version 0.2.11
– @react-native-aria/combobox version 0.2.8
– @react-native-aria/disclosure version 0.2.9
– @react-native-aria/focus version 0.2.10
– @react-native-aria/interactions version 0.2.17
– @react-native-aria/listbox version 0.2.10
– @react-native-aria/menu version 0.2.16
– @react-native-aria/overlay version 0.3.16
– @react-native-aria/radio version 0.2.14
– @react-native-aria/slider version 0.2.13
– @react-native-aria/switch version 0.2.5
– @react-native-aria/tabs version 0.2.14
– @react-native-aria/toggle version 0.2.12
– @react-native-aria/utils version 0.2.13

Moreover, the malicious code found within these packages exhibits similarities to a remote access trojan linked to the prior compromise of another npm package, “rand-user-agent,” suggesting that the same threat actors may be responsible. The trojan supports new commands designed to collect system information and retrieve the public IP address of the infected machine.

Project maintainers have since revoked the access token and marked the affected versions as deprecated. Users who may have downloaded these compromised versions are urged to revert to safe versions to minimize exposure to potential threats.

The magnitude of this attack is alarming, particularly because of the malware's persistence: it allows attackers to retain access to infected systems even after the package is updated.

In related findings, Socket researchers uncovered two rogue npm packages, “express-api-sync” and “system-health-sync-api,” which masquerade as legitimate tools while carrying destructive functionality capable of deleting entire application directories. With 112 and 861 downloads respectively before removal, the packages execute their malicious code upon receiving a hard-coded key, erasing critical data and potentially jeopardizing application integrity.

In parallel, a new Python-based credential harvesting tool named “imad213” has emerged on the Python Package Index (PyPI), posing as an Instagram growth utility. This malware has amassed over 3,242 downloads and employs Base64 encoding to obscure its functionality. Once activated, it solicits Instagram credentials from users, transmitting stolen data to various third-party service providers.

This troubling trend highlights a growing emphasis on social media-targeted malware and credential laundering, marking a fundamental shift in how threat actors approach system sabotage and data theft.