Malware found in NPM packages with 1 million weekly downloads

Jun 10, 2025

Update 6/8/25: Article updated with new information.

A significant supply chain attack hit NPM after 17 popular Gluestack '@react-native-aria' packages with over 1 million downloads were compromised to include malicious code that acts as a remote access trojan (RAT).

BleepingComputer determined that the compromise began on June 6 at 4:33 PM EST, when a new version of the @react-native-aria/focus package was published to NPM. Since then, 17 of the 20 Gluestack @react-native-aria packages have been compromised on NPM, with the threat actors publishing a new version as recently as two hours ago.

The supply chain attack was discovered by cybersecurity firm Aikido Security, who discovered obfuscated code injected into the lib/index.js file for the following packages:

These packages are very popular, with approximately 1,020,000 weekly downloads, making this a massive supply chain attack that could have widespread consequences.

The malicious code is heavily obfuscated and is appended to the last line of source code in the file, padded with many spaces, so it's not easily spotted when using the code viewer on the NPM site.

Aikido told BleepingComputer that the malicious code is nearly identical to a remote access trojan in another NPM compromise they discovered last month.

The researcher's analysis of the previous campaign explains that the remote access trojan will connect to the attackers' command and control server and receive commands to execute.

These commands include:

The trojan also performs Windows PATH hijacking by prepending a fake Python path (%LOCALAPPDATA%\Programs\Python\Python3127) to the PATH environment variable, allowing the malware to silently override legitimate python or pip commands to execute malicious binaries.

Aikido security researcher Charlie Eriksen has attempted to contact Gluestack about the compromise by creating GitHub issues on each of the project's repositories, but there has not been any response at this time.

"No response from package maintainers (it's morning on a saturday in the US which is prob exactly why its happening now)," Aikido told BleepingComputer.

"NPM we have contacted and reported each package, this is a process that usually takes multiple days for NPM to address though."

Aikido also attributes this attack to the same threat actors who compromised four other NPM packages earlier this week named biatec-avm-gas-station, cputil-node, lfwfinance/sdk, and lfwfinance/sdk-dev.

BleepingComputer reached out to Gluestack about the compromised packages but has not received a reply at this time.

Update 6/8/25: After publishing this story, an additional GlueStack NPM, @react-native-aria/tabs, was discovered to be compromised, raising the total weekly downloads to over 1 million.

GlueStack has now revoked an access token that was used to publish the compromised packages and they are now marked as deprecated on NPM.

"Unfortunately, unpublishing the compromised version wasn’t possible due to dependent packages," a GlueStack developer posted to GitHub.

"As a mitigation, I have deprecated the affected versions and updated the latest tag to point to a safe, older version."

Patching used to mean complex scripts, long hours, and endless fire drills. Not anymore.

In this new guide, Tines breaks down how modern IT orgs are leveling up with automation. Patch faster, reduce overhead, and focus on strategic work -- no complex scripts required.

Supply chain attack hits npm package with 45,000 weekly downloads

Malicious NPM package uses Unicode steganography to evade detection

Malicious PyPI packages abuse Gmail, websockets to hijack systems

AI-hallucinated code dependencies become new supply chain risk

Malicious npm packages posing as utilities delete project directories