Popular NPM packages with over a million downloads hit by malware
techradar.com
- 17 NPM packages with more than a million weekly downloads were compromised to deliver a RAT
- The attack could turn into a major supply chain attack, experts warned
- The packages have since been deprecated, but users should be on their guard
More than a dozen packages on NPM were poisoned with a Remote Access Trojan (RAT), possibly infecting millions of projects.
Cybersecurity researchers at Aikido Security recently discovered malicious code buried very deep in 17 popular Gluestack packages.
The packages cumulatively have more than a million downloads weekly, meaning a huge number of users could possibly be affected, the experts warned.
Revoking access tokens
Here is the full list of compromised packages:
- @react-native-aria/button
- @react-native-aria/checkbox
- @react-native-aria/combobox
- @react-native-aria/disclosure
- @react-native-aria/focus
- @react-native-aria/interactions
- @react-native-aria/listbox
- @react-native-aria/menu
- @react-native-aria/overlays
- @react-native-aria/radio
- @react-native-aria/switch
- @react-native-aria/toggle
- @react-native-aria/utils
- @gluestack-ui/utils
- @react-native-aria/separator
- @react-native-aria/slider
- @react-native-aria/tabs
The packages deployed malicious ...