Numerous widely used NPM packages with more than a million installations found infected with malware
(Kickin' it old-school style, egghead!)
Oh Boy, 17 NPM Packages with Millions of Weekly Downloads Got Hacked to Deliver a RAT
Quick take: Malware snuck its way deep into 17 popular Gluestack packages that together pull in more than a million weekly downloads, so a huge number of projects are potentially exposed. Keep your peepers peeled!
Security researchers at Aikido Security recently found malicious code buried deep in 17 popular Gluestack packages. Wanna know what's even crazier? Together these packages pull in more than a million weekly downloads, so that's a lot of users potentially affected, the researchers warned.
Gimme that Malware Code!
Here's the list of the compromised packages; go check whether any of your projects pull them in:
- @react-native-aria/button
- @react-native-aria/checkbox
- @react-native-aria/combobox
- @react-native-aria/disclosure
- @react-native-aria/focus
- @react-native-aria/interactions
- @react-native-aria/listbox
- @react-native-aria/menu
- @react-native-aria/overlays
- @react-native-aria/radio
- @react-native-aria/switch
- @react-native-aria/toggle
- @react-native-aria/utils
- @gluestack-ui/utils
- @react-native-aria/separator
- @react-native-aria/slider
- @react-native-aria/tabs
The compromised versions of these packages carried malware that connected to the attackers' command-and-control server and then took orders from it, including uploading single or multiple files, performing Windows PATH hijacking, and silently overriding the legitimate python and pip commands.
Gluestack Responds!
In response, Gluestack revoked the access token that had been used to publish the compromised packages, and all the poisoned versions are now tagged as deprecated on NPM. Here's what a Gluestack developer said on GitHub: "Oops, couldn't unpublish the compromised version because of some dependent packages. In place, I deprecated the affected versions and updated the latest tag to point to a safe, older version."
Psst... The Node Package Manager (NPM) is the default package manager for the JavaScript runtime Node.js. It installs libraries, shares packages with the community, manages dependencies, runs scripts, and more. With millions of monthly visitors and hundreds of thousands of registered accounts regularly publishing packages, it's no surprise threat actors can't resist the lure.
So the cat's outta the bag, folks: popular platforms like NPM, GitHub, and PyPI can't escape the attention of threat actors.
via BleepingComputer
The hack of these 17 NPM packages highlights why supply-chain security matters: the compromised packages potentially reached millions of users, delivering malware that connected to the threat actors' command-and-control. Incidents like this are a reminder that popular platforms like NPM, GitHub, and PyPI are targets, and that vigilant practices are needed to protect systems and data.