New Supply Chain Attack Targets GlueStack Packages to Spread Malware

A new supply chain attack has targeted more than a dozen packages associated with GlueStack to distribute malicious software. The malware, introduced through a modification in "lib/commonjs/index.js," allows an attacker to execute shell commands, take screenshots, and download files on infected machines, according to Aikido Security. These packages collectively represent nearly 1 million downloads.