gluestack-ui packages shipped malware
A leaked npm token let attackers publish 17 malicious React Native ARIA and gluestack-ui packages. The code carried obfuscated RAT behavior but was contained quickly.
Story
On June 6, 2025, an attacker holding a leaked npm token began publishing malicious releases under the React Native ARIA and gluestack-ui namespaces, a popular set of accessibility primitives and UI components for React Native applications. Over the next two days, 17 package versions with more than one million combined weekly downloads carried obfuscated remote-access code.
The series began with @react-native-aria/focus version 0.2.10 and expanded the following day across @react-native-aria/utils, overlays, interactions, toggle, switch, checkbox, radio, button, menu, listbox, tabs, combobox, disclosure, slider, separator, and @gluestack-ui/utils. Because the attacker republished existing package names rather than typosquats, normal dependency resolution delivered the poisoned versions to any project that fetched a fresh install.
Researchers at Aikido, who first disclosed the activity, said the payload used the same obfuscation pattern they had flagged a month earlier in rand-user-agent (see [[rand-user-agent]]): long runs of whitespace that push the payload past the visible edge of the source line, encoded JavaScript, fake Python persistence paths, host metadata harvesting, and a command-execution channel. The samples beaconed to 136.0.9.8 and 85.239.62.36, the latter being the same C2 address used in the rand-user-agent campaign.
Gluestack said in its public incident report that the compromise traced to an npm publishing token that had not been protected with two-factor authentication. After Aikido's disclosure the project revoked tokens, deprecated the affected versions, tightened publishing access, and shipped clean replacements. Gluestack reported no confirmed system-level compromises or data exfiltration from downstream consumers, though given the install-time exposure, anyone who ran a build during the window should treat any reachable credentials as suspect.
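Two defender-side checks that follow from the story above, written as an added example for this record rather than code from gluestack, Aikido, or any of the cited reports. The first reads a package-lock.json and lists every resolved version in the @react-native-aria and @gluestack-ui scopes, so a team can compare its install against the vendor's affected-version list (the page itself does not preserve that list, so the sample lock file below uses 0.2.10 for focus, which the story names, and an obviously constructed "0.0.0-sample" elsewhere). The second flags JavaScript lines where a long whitespace gap separates visible code from more code, the "whitespace hiding" trick the report describes; the 200-character gap threshold is an assumed heuristic, not a published indicator.

```python
"""Added example: lockfile inventory and whitespace-padding scan.

Not code from the gluestack project or the Aikido write-up. Sample inputs are
constructed inline; the gap threshold in find_padded_lines is an assumption.
"""
import json
import re

# Scopes named in the incident story; extend if the vendor list grows.
AFFECTED_SCOPES = ("@react-native-aria/", "@gluestack-ui/")


def inventory_scoped_packages(lock_text: str, scopes=AFFECTED_SCOPES) -> dict:
    """Map package name -> sorted resolved versions for packages in `scopes`.

    Works on lockfileVersion 2/3, where every installed package is keyed
    under "packages" by its node_modules path (nested installs included).
    """
    lock = json.loads(lock_text)
    found = {}
    for path, entry in lock.get("packages", {}).items():
        if not path:  # the "" key is the root project itself
            continue
        # Nested installs look like node_modules/a/node_modules/@scope/b
        name = entry.get("name") or path.rsplit("node_modules/", 1)[-1]
        if name.startswith(tuple(scopes)):
            found.setdefault(name, set()).add(entry.get("version", "?"))
    return {name: sorted(versions) for name, versions in sorted(found.items())}


def find_padded_lines(source: str, min_gap: int = 200) -> list:
    """Return (line_no, visible_prefix, hidden_tail_len) for lines where a run
    of at least `min_gap` spaces/tabs sits between two pieces of code.

    Ordinary indentation never trips this: a line whose only whitespace run
    is leading indentation has an empty prefix and is skipped.
    """
    gap = re.compile(rf"[ \t]{{{min_gap},}}")
    hits = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        match = gap.search(line)
        if match is None:
            continue
        prefix = line[: match.start()].rstrip()
        tail = line[match.end():]
        if prefix and tail.strip():  # code on both sides of the gap
            hits.append((line_no, prefix[:60], len(tail)))
    return hits


# --- constructed sample inputs -------------------------------------------
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        # 0.2.10 is the focus version named in the story above
        "node_modules/@react-native-aria/focus": {"version": "0.2.10"},
        # versions below are constructed placeholders, not real releases
        "node_modules/@gluestack-ui/utils": {"version": "0.0.0-sample"},
        "node_modules/@gluestack-ui/utils/node_modules/@react-native-aria/utils":
            {"version": "0.0.0-sample"},
        "node_modules/react": {"version": "18.2.0"},
    },
})

SAMPLE_JS = (
    "module.exports = { focus: require('./focus') };\n"
    # constructed: benign-looking code, 300 spaces, then code pushed off-screen
    "const helper = 1;" + " " * 300 + "globalThis.__hidden = decode(blob);\n"
    "    return helper;\n"
)

if __name__ == "__main__":
    for name, versions in inventory_scoped_packages(SAMPLE_LOCK).items():
        print(f"{name}: {', '.join(versions)}")
    for line_no, prefix, tail_len in find_padded_lines(SAMPLE_JS):
        print(f"line {line_no}: {prefix!r} hides {tail_len} trailing chars")
```

Run the inventory against a real lockfile and diff the output against the advisory's version list; run the padding scan over node_modules for the same scopes before trusting a fresh install. A hit from either check is a reason to rotate credentials that were reachable from the build host, in line with the guidance above.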
Affected Artifacts
- 17 package-version records; the package names and compromised version numbers did not survive in this record (the packages themselves are listed in the Story above)
- Record 1: Observed 2025-06-06 to 2025-06-08; Compromised Versions: (not captured in this record); Fixed: Not listed
- Records 2 to 17: Observed 2025-06-07 to 2025-06-08; Compromised Versions: (not captured in this record); Fixed: Not listed
Incident Context
- Motive: Remote Access
- Cause: Compromised Credentials
- Transitive: No
- User Impact: 1000000 (combined weekly downloads of the affected packages)
External References
- Lessons from the gluestack supply-chain attack (scanoss.com)
- Active NPM Attack Escalates - 16 React Native Packages for GlueStack Backdoored Overnight (aikido.dev)
- React Native ARIA and gluestack-ui Security Incident Report (gluestack.io)
- Popular React Native ARIA and GlueStack packages compromised in supply chain attack (thehackernews.com)
Source record: oss/attacks/gluestack-ui/meta.yaml