Do Son 
A large-scale supply chain attack has been identified on the NPM platform: threat actors compromised 17 widely used packages from the Gluestack @react-native-aria family, embedding malicious code within them. These packages are integral to mobile development and collectively receive over one million downloads per week, making this incident one of the most significant supply chain compromises of 2025.
The injection of malicious code began on June 6, when a new version of the package @react-native-aria/focus was published. From that point onward, the attackers systematically released infected updates for 16 additional components of the library.
The compromise was discovered by researchers at Aikido Security, who found a concealed fragment of malicious JavaScript appended to the end of the lib/index.js file. The code had been obfuscated and padded with whitespace, making it difficult to detect via NPM’s web interface.
Upon analysis, the injected code was revealed to function as a Remote Access Trojan (RAT), establishing communication with a command-and-control server operated by the attackers. It is capable of executing a variety of remote commands, including changing the working directory, uploading files or folders, halting data transmission, and executing arbitrary shell commands through child_process.exec().
A particularly insidious aspect of this RAT is its manipulation of the PATH environment variable on Windows systems. It substitutes the legitimate Python path with a counterfeit one (%LOCALAPPDATA%\Programs\Python\Python3127), allowing malicious binaries to be executed in place of genuine Python tools or pip, without the user’s awareness.
As of publication, the attack has impacted the following packages:
@react-native-aria/button, checkbox, combobox, disclosure, focus, interactions, listbox, menu, overlays, radio, switch, toggle, utils, separator, slider, tabs, as well as @gluestack-ui/utils. The combined weekly download count of these packages was approximately 1.02 million at the time of the attack.
According to Aikido, the malicious implementation bears a strong resemblance to a previous campaign executed by the same adversaries just a month prior—again involving a RAT with similar command capabilities.
Despite numerous attempts to contact the Gluestack team via GitHub, no response was received. NPM was also notified, though Aikido noted that its validation and response processes typically take several days.
Furthermore, the current operation has been linked to the recent compromise of four additional packages: biatec-avm-gas-station, cputil-node, lfwfinance/sdk, and lfwfinance/sdk-dev, confirming that the same threat group is likely behind all incidents.
On June 8, it was revealed that yet another package, @react-native-aria/tabs, had been infected, expanding the reach of the attack and pushing the total download count well beyond one million. Gluestack has since issued a statement: the compromised token has been revoked, infected versions were marked as deprecated, and the latest tag was redirected to a safe earlier build. However, complete removal of the tainted versions proved impossible due to interdependencies among packages.
This incident starkly illustrates the inherent fragility of open source ecosystems—particularly when library updates are automated. A single, seemingly minor modification in one package can serve as the vector for a sweeping campaign of espionage or sabotage, affecting thousands of projects across the globe.
Donate