A large-scale software supply chain attack has compromised numerous npm and PyPI packages, potentially impacting millions of developers globally. The malware-laden packages were used to distribute remote access trojans, credential harvesters, and file wipers, threatening both individual users and enterprise systems.
GlueStack Packages Injected with Malware to Hijack Devices
A cybersecurity firm reported that over a dozen npm packages linked to GlueStack were tampered with via malicious edits to the file lib/commonjs/index.js. The injected code grants attackers remote command execution capabilities, allowing them to take screenshots, exfiltrate files, and run shell commands on compromised systems.
The impacted packages, collectively downloaded nearly 1 million times weekly, include:
- @react-native-aria/checkbox (577 downloads)
- @react-native-aria/focus (951 downloads)
- @react-native-aria/utils (341 downloads)
…and several others
The firm detected the first compromise on June 6, 2025, and stated that the malware resembles the remote access trojan used in last month’s rand-user-agent npm compromise. The updated version of this trojan can now also collect system details and IP addresses, increasing its potential for deeper intrusion.
Backdoors Persist Even After Patches
Though GlueStack maintainers revoked access tokens and deprecated the compromised versions, the firm warns that the malware’s persistence mechanism could allow attackers to retain control even after updates. This raises significant concerns about latent threats within developer environments and continuous integration pipelines.

“The potential impact is massive in scale,” the firm said. “The malware’s ability to persist post-update is particularly concerning.”
New npm Wipers Aim to Destroy Developer Projects
Adding to the concern, Socket discovered two destructive npm packages, express-api-sync and system-health-sync-api, published under the username “botsailer”. These masquerade as API utilities but contain highly destructive payloads.
express-api-sync executes rm -rf * upon receiving a specific HTTP request, recursively deleting every file in the directory the application runs from.
system-health-sync-api adapts its deletion commands for Windows and Linux, and also acts as an info stealer, using hardcoded SMTP credentials to send stolen data by email.
The latter package registers endpoints like /_/system/health and /_/sys/maintenance to trigger its backdoor commands, revealing a multi-functional attack design more advanced than typical supply chain threats.
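As an added example (not code from the report, Socket, or the GlueStack project), the script below walks a node_modules tree and flags two things the two sections above describe: packages with the names reported as compromised, and any package whose lib/commonjs/index.js, the file the GlueStack edits targeted, both spawns shells and opens network connections. The regex heuristics, the on-disk fixture, and the package list being illustrative rather than exhaustive are all assumptions.

```python
import json
import os
import re
import tempfile

# Package names taken from the report; illustrative, not an exhaustive indicator list.
REPORTED_PACKAGES = {
    "@react-native-aria/checkbox", "@react-native-aria/focus", "@react-native-aria/utils",
    "express-api-sync", "system-health-sync-api",
}
# Constructed heuristics (assumption): shell spawning plus network access inside a
# UI library's entry point is rare enough to deserve a human look.
SHELL_RE = re.compile(r"require\(['\"]child_process['\"]\)|\bexecSync?\(|\bspawn\(")
NET_RE = re.compile(r"require\(['\"](?:https?|net|dgram)['\"]\)|\bfetch\(|\bWebSocket\(")

def scan_node_modules(root):
    """Return sorted (package name, reason) pairs for every package worth reviewing."""
    findings = []
    for dirpath, _, files in os.walk(root):
        if "package.json" not in files:
            continue
        try:
            with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as f:
                name = json.load(f).get("name", "")
        except (OSError, json.JSONDecodeError):
            continue
        if name in REPORTED_PACKAGES:
            findings.append((name, "named in report"))
        entry = os.path.join(dirpath, "lib", "commonjs", "index.js")
        if os.path.isfile(entry):
            with open(entry, encoding="utf-8", errors="replace") as f:
                src = f.read()
            if SHELL_RE.search(src) and NET_RE.search(src):
                findings.append((name, "entry point spawns shell and uses network"))
    return sorted(findings)

def build_sample_tree():
    """Constructed fixture: one benign package and one that trips both checks."""
    root = tempfile.mkdtemp()
    def add(name, entry_src):
        pkg_dir = os.path.join(root, *name.split("/"))
        os.makedirs(os.path.join(pkg_dir, "lib", "commonjs"))
        with open(os.path.join(pkg_dir, "package.json"), "w") as f:
            json.dump({"name": name, "version": "0.0.0"}, f)
        with open(os.path.join(pkg_dir, "lib", "commonjs", "index.js"), "w") as f:
            f.write(entry_src)
    add("left-pad", "module.exports = (s, n) => s.padStart(n);\n")
    add("@react-native-aria/utils",
        "const cp = require('child_process');\nconst https = require('https');\n")
    return root
```

Run it against a real project with `scan_node_modules("node_modules")`; a hit on the heuristic alone is a review prompt, not proof of compromise, since some legitimate build tooling also spawns processes and fetches resources.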
PyPI Malware Masquerades as Instagram Growth Tool
Meanwhile, a Python package named imad213 on PyPI has been identified as a credential harvester disguised as an Instagram follower booster. Downloaded over 3,200 times, the tool prompts users for Instagram logins, which are then exfiltrated to ten different bot services, potentially for credential laundering.
The same author IMAD-213 also uploaded:
- taya (930 downloads)
- a-b27 (996 downloads)
- poppo213 (3,165 downloads)
These libraries either harvest additional credentials (Facebook, Gmail, Twitter) or launch DDoS attacks using Apache Bench. A GitHub README misleadingly markets the malware as an “educational” tool, offering a false sense of security while capturing real user data.
The malware also includes a remote kill switch using a Netlify-hosted file, giving attackers the ability to disable or selectively activate the malicious code across systems.
About the author – Ayush Chaurasia is a postgraduate student passionate about cybersecurity, threat hunting, and global affairs. He explores the intersection of technology, psychology, national security, and geopolitics through insightful writing.