More than a dozen widely used Gluestack-related packages on npm, which have collectively amassed almost a million downloads weekly, have been infected with malware as part of a supply chain intrusion initially detected on Friday, The Hacker News reports.
Attackers compromised the packages with an updated version of the remote access trojan previously injected into the "rand-user-agent" npm package; this newer build has since gained the ability to harvest system information and the host's public IP address, according to an Aikido Security analysis. "The potential impact is massive in scale, and the malware's persistence mechanism is particularly concerning: attackers maintain access to infected machines even after maintainers update the packages," said Aikido Security researchers. Meanwhile, a study from Socket researchers showed that a malicious PyPI package purporting to be an Instagram growth tool, which has accumulated over 3,000 downloads, has enabled the exfiltration of Instagram credentials to almost a dozen different bot service websites.
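The practical first step after a report like this is to find out whether any affected package versions are present in your own dependency trees. The following is an added example, not code from the article or from Aikido Security or Socket, of a small lockfile scanner that walks a package-lock.json (both the flat lockfileVersion 2/3 "packages" map and the legacy nested lockfileVersion 1 "dependencies" tree) and flags any installed package matching an indicator list. The article names "rand-user-agent" but does not give the affected version numbers, so every version in the indicator list, the package name "example-compromised-pkg", and the embedded sample lockfiles are constructed placeholders; replace them with the indicators published by the researchers.

```python
"""Scan a package-lock.json for known-compromised package versions.

Added example. The indicator versions and the sample lockfiles below are
CONSTRUCTED placeholders, not real indicators from the Aikido/Socket reports.
"""
import json
import sys
from typing import Dict, List, Set, Tuple

# Constructed indicator list: package name -> set of versions to flag.
# "rand-user-agent" is named in the article; the versions are HYPOTHETICAL.
# "example-compromised-pkg" is a HYPOTHETICAL placeholder name.
INDICATORS: Dict[str, Set[str]] = {
    "rand-user-agent": {"9.9.9"},
    "example-compromised-pkg": {"1.2.3", "1.2.4"},
}

Entry = Tuple[str, str, str]  # (package name, version, path in node_modules)


def _walk_v1(deps: dict, prefix: str, out: List[Entry]) -> None:
    """Recurse the nested 'dependencies' tree of a lockfileVersion 1 file."""
    for name, meta in (deps or {}).items():
        path = f"{prefix}node_modules/{name}"
        out.append((name, meta.get("version", ""), path))
        _walk_v1(meta.get("dependencies"), path + "/", out)


def installed_packages(lock: dict) -> List[Entry]:
    """Return (name, version, path) for every package recorded in the lockfile."""
    found: List[Entry] = []
    if "packages" in lock:
        # lockfileVersion 2/3: flat map keyed by install path; "" is the root project.
        for path, meta in lock["packages"].items():
            if not path:
                continue
            # Scoped names ("@scope/pkg") survive the rsplit because the
            # separator is "node_modules/", not "/".
            name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
            found.append((name, meta.get("version", ""), path))
    else:
        _walk_v1(lock.get("dependencies"), "", found)
    return found


def scan_lockfile(lock: dict, indicators: Dict[str, Set[str]] = INDICATORS) -> List[dict]:
    """Return one finding per installed package whose name+version is an indicator."""
    hits = []
    for name, version, path in installed_packages(lock):
        if version in indicators.get(name, set()):
            hits.append({"name": name, "version": version, "path": path})
    return hits


# Constructed sample lockfiles (placeholders, not real project data).
SAMPLE_LOCK_V3 = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "0.1.0"},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/rand-user-agent": {"version": "9.9.9"},
        "node_modules/some-dep": {"version": "2.0.0"},
        "node_modules/some-dep/node_modules/example-compromised-pkg": {"version": "1.2.3"},
        "node_modules/@scope/clean-pkg": {"version": "4.5.6"},
    },
}

SAMPLE_LOCK_V1 = {
    "lockfileVersion": 1,
    "dependencies": {
        "some-dep": {
            "version": "2.0.0",
            "dependencies": {"example-compromised-pkg": {"version": "1.2.4"}},
        },
        "rand-user-agent": {"version": "1.0.0"},  # not a flagged version
    },
}


if __name__ == "__main__":
    # Usage: python scan_lock.py [path/to/package-lock.json]
    # With no argument the constructed v3 sample is scanned.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            lock_data = json.load(fh)
    else:
        lock_data = SAMPLE_LOCK_V3
    for hit in scan_lockfile(lock_data):
        print(f"FLAGGED {hit['name']}@{hit['version']} at {hit['path']}")
```

A hit on a project's lockfile is a starting point, not the end of the response: the researchers quoted above say the persistence mechanism keeps attackers on a machine even after the packages are updated, so any host that installed a flagged version should be treated as compromised and investigated, rather than simply bumped to a clean release.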