合气道安全研究人员发现了针对NPM的新供应链攻击,破坏了16个流行的Gluestack“反应原生咏叹调”套餐,每周下载量超过95万。

🚨 我们的恶意软件智能团队已经检测到针对 npm 上针对 @react@react -native-aria/ 范围的数据包进行主动且持续的攻击。

综合起来,13个受影响的软件包每周下载量超过65万次。

攻击于美国东部时间6月6日下午4点33分开始,对react-native-aria /焦点包进行了恶意更新。攻击者注入了具有远程访问木马(RAT)功能的恶意代码。从那以后,威胁行为者篡改了20个软件包中的16个,继续发布恶意更新。

威胁行为者将恶意代码注入lib/index.js被入侵的软件包的文件。

网络安全公司在他们的恶意软件提要中列出了受损的软件包:https://intel.aikido.dev/?tab=malware。研究人员警告说,攻击仍在进行中,并敦促用户继续关注更新。

威胁行为者将恶意代码注入lib/index.js文件为以下软件包:

BleepingComputer confirmed that the compromised packages have approximately 960,000 weekly downloads.

Aikido Security researchers believe the threat actor behind this supply chain attack is the same they have spotted recently while analyzing a suspicious code in the file dist/index.js of the the package `rand-user-agent`.

“On 5 May, 16:00 GMT+0, our automated malware analysis pipeline detected a suspicious package released, rand-user-agent@1.0.110. It detected unusual code in the package, and it wasn’t wrong. It detected signs of a supply chain attack against this legitimate package, which has about ~45.000 weekly downloads.” wrote the experts. “The payload is quite obfuscated, using multiple layers of obfuscation to hide.” “We’ve got a RAT (Remote Access Trojan) on our hands.”

这次攻击与我们最近记录的威胁行为者所为相同，部署了相同的战术和后门。您可以从我们之前的报道中找到详细信息– Aikido Security (@AikidoSecurity) June 7, 2025

Aikido Security 试图向 Gluestack 通报正在进行的供应链攻击，但尚未收到回复。