Triple Threat: Supply Chain Attacks Target Popular Development Libraries
Security researchers at Aikido Security have uncovered a sophisticated supply chain attack that compromised more than a dozen packages linked to GlueStack, collectively serving nearly one million downloads per week.

The attack was first identified on June 6, 2025, at 9:33 p.m. GMT.
The malicious code was embedded through modifications to the packages' "lib/commonjs/index.js" files, granting attackers extensive system access, including the ability to execute shell commands, capture screenshots, and extract files from compromised systems. This level of access opens the door to a range of malicious activities, from cryptocurrency mining to data theft and service disruption.
The compromised packages span the @gluestack-ui and @react-native-aria ecosystems, with affected versions including:
- @gluestack-ui/utils (versions 0.1.16 and 0.1.17)
- Multiple @react-native-aria packages including button, checkbox, focus, overlay, and others
Investigators noted similarities between this malware and a remote access trojan discovered in the "rand-user-agent" npm package compromise from the previous month, suggesting the same cybercriminal group may be responsible. The updated version includes enhanced capabilities to collect system information and identify public IP addresses of infected hosts.
Project maintainers have responded by revoking compromised access tokens and deprecating the malicious package versions. However, the persistence mechanisms built into the malware mean that infected systems may remain compromised even after package updates.
Destructive npm Packages Discovered with Wiper Capabilities
In a separate but equally concerning development, Socket researchers identified two malicious npm packages designed specifically for system destruction rather than traditional data theft or cryptocurrency mining.
The packages, "express-api-sync" and "system-health-sync-api," were published by an account called "botsailer" and downloaded 112 and 861 times respectively before removal. These packages represent a concerning shift toward sabotage-focused attacks that offer no apparent financial benefit to attackers.
Express-API-Sync masquerades as a database synchronization tool but contains a devastating payload. When activated by an HTTP request containing the hardcoded key "DEFAULT_123," it executes the Unix command "rm -rf *" to permanently delete all files in the current directory and subdirectories.
System-Health-Sync-API demonstrates more sophisticated functionality, combining information gathering with platform-aware destruction capabilities. It adapts its deletion command to the operating system, using "rd /s /q ." on Windows and "rm -rf *" on Linux.
This package employs email as a covert communication channel, connecting to attacker-controlled email accounts using hardcoded SMTP credentials. The system sends detailed reports about compromised systems to "anupm019@gmail.com," potentially exposing internal infrastructure details and development environments.
The malware establishes multiple endpoints for triggering its destructive payload, including "//system/health" and "//sys/maintenance," with the latter serving as a backup mechanism if the primary backdoor is detected.
Python Package Targets Instagram Users Through Fake Growth Tool
Complementing these npm-focused attacks, researchers discovered a Python-based credential harvesting operation on the Python Package Index (PyPI). The "imad213" package, downloaded over 3,200 times, presents itself as an Instagram growth tool while secretly collecting user credentials.
Created by user "im_ad__213" (also known as IMAD-213), who joined PyPI in March 2025, this malware represents part of a broader campaign. The threat actor has published four packages total, targeting various social media platforms and conducting DDoS attacks:
- imad213: Instagram credential harvester (3,242 downloads)
- taya: Multi-platform credential stealer targeting Facebook, Gmail, Twitter, and VK (930 downloads)
- a-b27: Similar credential harvesting capabilities (996 downloads)
- poppo213: DDoS tool targeting streaming platforms (3,165 downloads)
The Instagram-focused malware incorporates several sophisticated elements, including a remote kill switch hosted on Netlify that allows the attacker to control which instances remain active. Users are prompted to enter Instagram credentials under the guise of follower growth services, with stolen credentials then distributed across ten different bot service websites.
Particularly concerning is the "deceptive safety tip" included in the package documentation, which encourages users to create temporary Instagram accounts, creating a false sense of security while users unknowingly hand valid credentials to the attackers.
Implications and Defense Strategies
These incidents highlight the evolving threat landscape facing software developers and organizations relying on open-source packages. The shift toward destructive rather than purely profit-driven attacks suggests threat actors are expanding their objectives beyond traditional financial gain.
The use of legitimate communication channels like SMTP for data exfiltration demonstrates increasing sophistication, as such traffic typically bypasses standard security controls. Similarly, the implementation of remote control mechanisms and platform-aware payloads indicates professional-level threat development.
Organizations should implement robust package verification processes, maintain updated inventories of dependencies, and establish monitoring systems for detecting unusual package behavior in production environments.
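As an added example (not code from the article or from the researchers it cites), a small Python inventory check that flags the packages named above in an npm lockfile and in pip freeze output. The sample inputs and the 0.2.4 / 1.0.0 / 2.0 version numbers are constructed, and @react-native-aria packages are flagged for review rather than blocked because the article does not list their affected versions.

```python
import re

# Packages named in the article. None means every version is malicious; the
# per-package versions of the @react-native-aria packages are not given on the
# page, so any installed @react-native-aria/* is flagged for manual review.
NPM_BAD = {"@gluestack-ui/utils": {"0.1.16", "0.1.17"},
           "express-api-sync": None, "system-health-sync-api": None}
NPM_REVIEW_PREFIX = "@react-native-aria/"
PYPI_BAD = {"imad213", "taya", "a-b27", "poppo213"}

def check_npm_lock(lock: dict) -> list[str]:
    """Scan a package-lock.json (lockfileVersion 2 or 3) loaded as a dict."""
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if not path:            # "" is the root project entry
            continue
        name = path.rsplit("node_modules/", 1)[-1]   # handles nested installs
        version = meta.get("version", "?")
        bad = NPM_BAD.get(name)
        if name in NPM_BAD and (bad is None or version in bad):
            findings.append(f"BLOCK {name}@{version} ({path})")
        elif name.startswith(NPM_REVIEW_PREFIX):
            findings.append(f"REVIEW {name}@{version} ({path})")
    return findings

def check_pip_freeze(text: str) -> list[str]:
    """Scan `pip freeze` output; names are PEP 503-normalised before matching."""
    findings = []
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9_.-]+)==(\S+)", line)
        if m and re.sub(r"[-_.]+", "-", m.group(1)).lower() in PYPI_BAD:
            findings.append(f"BLOCK {m.group(1)}=={m.group(2)}")
    return findings

# Constructed sample inputs (not real project data).
SAMPLE_LOCK = {"lockfileVersion": 3, "packages": {
    "": {"name": "demo-app"},
    "node_modules/@gluestack-ui/utils": {"version": "0.1.17"},
    "node_modules/@gluestack-ui/themed": {"version": "1.1.0"},
    "node_modules/@react-native-aria/button": {"version": "0.2.4"},
    "node_modules/express/node_modules/express-api-sync": {"version": "1.0.0"},
}}
SAMPLE_FREEZE = "requests==2.32.3\nimad213==0.1.0\nA_B27==2.0\n"

if __name__ == "__main__":
    for finding in check_npm_lock(SAMPLE_LOCK) + check_pip_freeze(SAMPLE_FREEZE):
        print(finding)
```

To scan a real project, pass `json.load(open("package-lock.json"))` to check_npm_lock and the captured output of `pip freeze` to check_pip_freeze.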