Supply Chain Malware Hits Millions Worldwide
Supply chain malware targets users through compromised npm and PyPI packages. Attackers injected malicious code into popular libraries such as GlueStack's, whose packages see nearly 1 million weekly downloads, exposing users to data theft. This attack, detected on June 6, 2025, affects ecosystems worldwide.
How the Malware Spreads
The malware modifies files such as “lib/commonjs/index.js” to enable its attacks. It allows shell command execution and file uploads on infected machines. Additionally, it resembles a trojan from a prior npm compromise, so the same actors may be behind both incidents.
Malware Capabilities and Impact
This trojan supports new commands to harvest system information and IP addresses. Attackers can use it to mine cryptocurrency or shut down services. A report notes that it persists even after the package is updated. Therefore, the threat remains significant for affected users.
Response from Maintainers
Project maintainers revoked the compromised access token. They marked the malicious versions as deprecated and urged users to roll back. Packages such as react-native-aria were among those tampered with. This action aims to limit further damage from the breach.
New Wiper Threats Emerge
Rogue npm packages such as express-api-sync act as wipers. They delete entire directories with commands like “rm -rf *”. Moreover, system-health-sync-api steals data and tailors its deletion routine to the operating system. These packages pose unusual sabotage risks, since the attacker gains nothing financially.
Credential Harvesting on PyPI
A Python package, imad213, poses as an Instagram growth tool. It harvests credentials and sends them to bot services, and it includes a kill switch that lets its operators control whether it executes. This trend shows a shift toward attacks aimed at social media users.
Broader Supply Chain Risks
The attacks highlight vulnerabilities in open-source ecosystems. Threat actors exploit trusted libraries for sabotage and theft. As a result, developers and users face growing security challenges. This underscores the need for vigilant monitoring.
Preventing Supply Chain Malware Attacks
To stop supply chain attacks, verify package sources before installation. For example, check npm and PyPI for official updates. Use security tools to scan dependencies and enable two-factor authentication. Additionally, monitor threat intelligence for new vulnerabilities. These steps help protect systems from malware and data breaches.
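As an added example (not code from the article or from any of the affected projects), the following script implements two of the checks above: it flags package-lock.json entries listed in a constructed advisory of deprecated versions, and it looks in a package entry file such as lib/commonjs/index.js for the shell-execution hooks the article describes. The advisory names and versions are placeholders, except express-api-sync, which the article names; the lockfile and entry file are constructed samples.

```python
import json
import re
# Constructed advisory: package name -> versions the maintainers deprecated.
# Only express-api-sync is a name from the article; the rest are placeholders.
ADVISORY = {
    "example-gluestack-pkg": {"1.2.3", "1.2.4"},  # placeholder name and versions
    "express-api-sync": {"*"},                     # rogue package: every version
}

# Indicators of the behaviour the article describes (shell command execution).
# Heuristic only: a legitimate build helper can also match, so review hits by hand.
SUSPICIOUS = [
    re.compile(r"""require\(['"]child_process['"]\)"""),
    re.compile(r"\b(exec|execSync|spawn)\s*\("),
]

def find_compromised(lockfile_text, advisory=ADVISORY):
    """Return (name, version) pairs from a package-lock.json v2/v3 'packages'
    map whose version appears in the advisory; '*' matches every version."""
    lock = json.loads(lockfile_text)
    hits = []
    for path, meta in lock.get("packages", {}).items():
        if not path.startswith("node_modules/"):
            continue  # skip the root project entry ("")
        name = path.split("node_modules/")[-1]  # also handles nested node_modules
        bad = advisory.get(name)
        if bad and ("*" in bad or meta.get("version") in bad):
            hits.append((name, meta.get("version")))
    return hits

def scan_entry_file(source):
    """Return the suspicious patterns found in an entry file such as
    lib/commonjs/index.js; an empty list means nothing matched."""
    return [p.pattern for p in SUSPICIOUS if p.search(source)]

# Constructed lockfile fragment and entry file used for the demonstration.
SAMPLE_LOCK = json.dumps({
    "name": "app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "app"},
        "node_modules/example-gluestack-pkg": {"version": "1.2.4"},
        "node_modules/react": {"version": "18.3.1"},
        "node_modules/react/node_modules/express-api-sync": {"version": "0.0.2"},
    },
})
SAMPLE_INDEX = "const cp = require('child_process');\ncp.execSync(cmd);\n"

if __name__ == "__main__":
    print(find_compromised(SAMPLE_LOCK))
    print(scan_entry_file(SAMPLE_INDEX))
```

Any hit from the first check is a candidate for the rollback the maintainers advised; a hit from the second check is a prompt to diff the installed file against the published tarball before trusting the package.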
Sleep well, we got you covered.