Malware found in NPM packages with 1 million weekly downloads

Update 6/8/25: Article updated with new information.

A significant supply chain attack hit NPM after 17 popular Gluestack '@react-native-aria' packages with over 1 million downloads were compromised to include malicious code that acts as a remote access trojan (RAT).

BleepingComputer determined that the compromise began on June 6 at 4:33 PM EST, when a new version of the @react-native-aria/focus package was published to NPM. Since then, 17 of the 20 Gluestack @react-native-aria packages have been compromised on NPM, with the threat actors publishing a new version as recently as two hours ago.

The supply chain attack was discovered by cybersecurity firm Aikido Security, who discovered obfuscated code injected into the lib/index.js file for the following packages:

These packages are very popular, with approximately 1,020,000 weekly downloads, making this a massive supply chain attack that could have widespread consequences.

The malicious code is heavily obfuscated and is appended to the last line of source code in the file, padded with many spaces, so it's not easily spotted when using the code viewer on the NPM site.

Aikido told BleepingComputer that the malicious code is nearly identical to a remote access trojan in another NPM compromise they discovered last month.

The researcher's analysis of the previous campaign explains that the remote access trojan will connect to the attackers' command and control server and receive commands to execute.

These commands include:

• cd - Change current working directory
• ss_dir - Reset directory to script’s path
• ss_fcd:<path> - Force change directory to <path>
• ss_upf:f,d - Upload single file f to destination d
• ss_upd:d,dest - Upload all files under directory d to destination dest
• ss_stop - Sets a stop flag to interrupt current upload process
• Any other input - Treated as a shell command, executed via child_process.exec()

The trojan also performs Windows PATH hijacking by prepending a fake Python path (%LOCALAPPDATA%\Programs\Python\Python3127) to the PATH environment variable, allowing the malware to silently override legitimate python or pip commands to execute malicious binaries.

Aikido security researcher Charlie Eriksen has attempted to contact Gluestack about the compromise by creating GitHub issues on each of the project's repositories, but there has not been any response at this time.

"No response from package maintainers (it's morning on a saturday in the US which is prob exactly why its happening now)," Aikido told BleepingComputer.

"NPM we have contacted and reported each package, this is a process that usually takes multiple days for NPM to address though."

Aikido also attributes this attack to the same threat actors who compromised four other NPM packages earlier this week named biatec-avm-gas-station, cputil-node, lfwfinance/sdk, and lfwfinance/sdk-dev.

BleepingComputer reached out to Gluestack about the compromised packages but has not received a reply at this time.

Update 6/8/25: After publishing this story, an additional GlueStack NPM, @react-native-aria/tabs, was discovered to be compromised, raising the total weekly downloads to over 1 million.

GlueStack has now revoked an access token that was used to publish the compromised packages and they are now marked as deprecated on NPM.

"Unfortunately, unpublishing the compromised version wasn’t possible due to dependent packages," a GlueStack developer posted to GitHub.

"As a mitigation, I have deprecated the affected versions and updated the latest tag to point to a safe, older version."

Malicious Browser Extensions Infect Over 700 Users Across Latin America Since Early 2025

Free online web security scanner