React Native Aria Packages Backdoored in Supply Chain Attack

Posted on June 9, 2025 By CWS

Over the weekend, a number of React Native Aria packages for GlueStack were backdoored as part of a supply chain attack.

The targeted React Native application development packages, some of which had not been updated in years, are highly popular, with a combined weekly download count of over one million.

Maintained by GlueStack, the compromised packages include react-native-aria/focus, utils, overlays, interactions, toggle, switch, checkbox, radio, button, menu, listbox, tabs, combobox, disclosure, slider, and separator, as well as gluestack-ui/utils.

According to Aikido, the attack appears linked to the early-May compromise of rand-user-agent, in which a threat actor used an outdated automation token that lacked two-factor authentication protection to publish malicious versions of the package to the NPM registry.

The malicious rand-user-agent versions would fetch and execute a backdoor named Python3127 PATH Hijack, capable of file and folder manipulation, shell command execution, and payload execution.

Now, Aikido has identified a similar backdoor being delivered in the fresh supply chain attack, after the attackers hid the malicious code in modified versions of the react-native-aria and gluestack-ui packages using whitespace-based obfuscation, pushing the code off screen.
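The whitespace trick described above is easy to check for mechanically: a source line that carries ordinary code, then a very long run of spaces or tabs, then more code is a line a reviewer scrolling a normal editor would never see the end of. The scanner below is an added example, written for this article and not taken from Aikido's tooling or from the GlueStack repositories. The gap length `MIN_GAP` and the sample file are assumptions constructed for the demonstration; the hidden statement in the sample is a harmless placeholder.

```javascript
// Added example (not from the article, Aikido, or GlueStack): a heuristic
// scanner for code hidden behind a long run of whitespace on the same line.

const MIN_GAP = 120; // assumption: a run of spaces/tabs this long is suspicious

// Returns one finding per line that has non-whitespace content after a run of
// at least `minGap` spaces/tabs, where that run follows real code on the line.
// Leading indentation alone (a blank prefix) is normal and is not reported.
function findOffscreenCode(source, minGap = MIN_GAP) {
  const findings = [];
  const gapRe = new RegExp(`[ \\t]{${minGap},}(?=\\S)`);
  source.split(/\r?\n/).forEach((line, idx) => {
    const m = gapRe.exec(line);
    if (!m) return;
    if (line.slice(0, m.index).trim() === "") return; // pure indentation
    const start = m.index + m[0].length;
    findings.push({
      line: idx + 1,
      column: start + 1,
      preview: line.slice(start, start + 40),
    });
  });
  return findings;
}

// Constructed sample: a small module where line 2 ends in 300 spaces and then
// a hidden statement, and line 4 is merely over-indented (no hidden code).
const SAMPLE = [
  "export function useFocus() {",
  "  return { focused: true };" + " ".repeat(300) + "globalThis.__hiddenFlag = 1;",
  "}",
  " ".repeat(150) + "const x = 1;",
].join("\n");

// Stand-alone run: prints the single finding on line 2.
console.log(findOffscreenCode(SAMPLE));
```

Run it over every `.js` file under `node_modules/@react-native-aria` and `node_modules/@gluestack-ui` (or over an unpacked tarball before installing) and treat any finding as a reason to diff the package against the version published from the maintainers' repository. The column threshold is deliberately conservative; lowering it catches more but will also flag legitimately wide minified lines, so pair it with the lockfile check rather than relying on it alone.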

The supply chain attack followed the same pattern as the rand-user-agent incident last month: a public access token for an authorized maintainer's account was compromised, allowing the attackers to publish modified versions of the 17 packages, the React Native Aria maintainers say.

However, they downplayed the attack's impact, explaining that no code execution could have occurred on users' systems.

“React Native Aria is a frontend-only library. It does not execute any code in CLI or scripts post-install, meaning the risk of the malicious code executing on user systems is extremely low to none. Based on our current understanding and usage patterns, no system-level compromises are expected,” they explain.

In response to the attack, the team deprecated the malicious package versions, reverted to clean, verified releases, and launched an audit of access logs and dependencies.

They also revoked all compromised tokens that had access to NPM, removed access for the affected users, revoked GitHub access for non-essential contributors, and enabled 2FA for publishing and GitHub access.

The maintainers recommend that all users check their package-lock.json or yarn.lock files to identify compromised package versions and immediately update to verified package versions from NPM.
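Checking the lockfiles by hand across 17 package names is error-prone, so here is an added example (not code from the article or from GlueStack) that lists every installed version of the affected packages from a package-lock.json (v1 nested tree or v2/v3 flat `packages` map) or a yarn.lock v1 file and flags the ones on a block list. The package names are the ones the article lists, written with their npm scope prefixes `@react-native-aria/` and `@gluestack-ui/`; the article does not give the malicious version numbers, so `PLACEHOLDER_BAD_VERSIONS` holds constructed placeholder values that must be replaced with the versions from the maintainers' advisory. The sample lockfiles are constructed for the demonstration.

```javascript
// Added example (not from the article or from GlueStack): audit lockfiles for
// the 17 packages named in the article and flag known-bad versions.

const ARIA_NAMES = ["focus", "utils", "overlays", "interactions", "toggle",
  "switch", "checkbox", "radio", "button", "menu", "listbox", "tabs",
  "combobox", "disclosure", "slider", "separator"];
const WATCHED = new Set([
  ...ARIA_NAMES.map((n) => `@react-native-aria/${n}`),
  "@gluestack-ui/utils",
]);

// CONSTRUCTED PLACEHOLDERS: the article does not list the malicious versions.
// Replace with the versions from the maintainers' advisory before real use.
const PLACEHOLDER_BAD_VERSIONS = {
  "@react-native-aria/focus": new Set(["9.9.9"]),
  "@gluestack-ui/utils": new Set(["9.9.9"]),
};

// {name, version} pairs from a parsed package-lock.json. Handles the v2/v3
// "packages" map (keys are node_modules paths) and the v1 "dependencies" tree.
function installedFromPackageLock(lock) {
  const out = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf("node_modules/");
    if (i === -1 || !meta.version) continue; // "" is the root project entry
    out.push({ name: path.slice(i + "node_modules/".length), version: meta.version });
  }
  const walk = (deps) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      if (meta.version) out.push({ name, version: meta.version });
      walk(meta.dependencies);
    }
  };
  walk(lock.dependencies);
  return out;
}

// {name, version} pairs from a yarn.lock v1 text. An entry header is an
// unindented line ending in ":" holding one or more "name@range" specs; the
// indented `version "x.y.z"` line that follows gives the resolved version.
function installedFromYarnLock(text) {
  const out = [];
  let current = null;
  for (const raw of text.split(/\r?\n/)) {
    if (/^\S/.test(raw) && raw.trim().endsWith(":")) {
      const first = raw.replace(/:$/, "").split(",")[0].trim().replace(/^"|"$/g, "");
      const at = first.lastIndexOf("@"); // scoped names start with "@", so use the last one
      current = at > 0 ? first.slice(0, at) : first;
    } else if (current) {
      const m = /^\s+version\s+"?([^"\s]+)"?/.exec(raw);
      if (m) { out.push({ name: current, version: m[1] }); current = null; }
    }
  }
  return out;
}

// Reports every watched package@version seen (deduplicated) and the subset
// whose version is on the block list.
function audit(installed, badVersions = PLACEHOLDER_BAD_VERSIONS) {
  const seen = new Set();
  const report = { watched: [], compromised: [] };
  for (const { name, version } of installed) {
    if (!WATCHED.has(name)) continue;
    const key = `${name}@${version}`;
    if (seen.has(key)) continue;
    seen.add(key);
    report.watched.push(key);
    if (badVersions[name] && badVersions[name].has(version)) report.compromised.push(key);
  }
  return report;
}

// Constructed sample lockfiles for the demonstration.
const SAMPLE_PACKAGE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@react-native-aria/focus": { version: "9.9.9" },
    "node_modules/@gluestack-ui/utils": { version: "1.0.0" },
    "node_modules/react": { version: "18.3.1" },
    "node_modules/some-lib/node_modules/@react-native-aria/utils": { version: "0.2.0" },
  },
};
const SAMPLE_YARN_LOCK = `# yarn lockfile v1

"@gluestack-ui/utils@^1.0.0":
  version "9.9.9"
  resolved "https://registry.example.invalid/placeholder"

react@^18.0.0:
  version "18.3.1"
`;

console.log(audit(installedFromPackageLock(SAMPLE_PACKAGE_LOCK)));
console.log(audit(installedFromYarnLock(SAMPLE_YARN_LOCK)));
```

Note that the `watched` list matters even when `compromised` is empty: nested copies (the `some-lib/node_modules/...` entry above) are exactly the ones a quick `npm ls` at the top level tends to miss, and any watched version not yet confirmed clean by the maintainers should be pinned to a verified release before the next install.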

“We understand how critical trust is in open source. We are taking this breach very seriously, and while the impact appears limited, we are making long-term security improvements across our entire ecosystem,” they note.

Related: Malicious NPM Packages Disguised as Express Utilities Allow Attackers to Wipe Systems

Related: Popular Scraping Tool's NPM Package Compromised in Supply Chain Attack

Related: Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack
