gluestack A.I CyberSecurity Scoring
gluestack
Company Information
Website:https://gluestack.io/
Employees number:1
Number of followers:613
NAICS:5112
Industry Type:Software Development
Homepage:gluestack.io
gluestack Risk Score (AI oriented)
Between 700 and 749
gluestackSoftware Development
Updated:
12/05/2026
12/05/2026
736/1000
Moderate
Ba
gluestack Global Score (TPRM)
xxxx
gluestackSoftware Development
Score locked

gluestackModerate
Current Score
736Ba (MODERATE)
01000
1 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
737
JUNE 2026
736
MAY 2026
736
APRIL 2026
736
MARCH 2026
735
FEBRUARY 2026
735
JANUARY 2026
734
DECEMBER 2025
734
NOVEMBER 2025
733
OCTOBER 2025
733
SEPTEMBER 2025
732
AUGUST 2025
732
JUNE 2025
749
Cyber Attack
06 Jun 2025 • gluestack
GlueStack and npm: New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally
Supply Chain Attack Targets GlueStack and npm Packages, Delivering Malware and Wiper Malware
730
CRITICAL-19
NPMGLU1778552678
Supply Chain Attack Targets GlueStack and npm Packages, Delivering Malware and Wiper Malware
Cybersecurity researchers have uncovered a supply chain attack targeting GlueStack and other npm packages, delivering malware capable of executing shell commands, capturing screenshots, and exfiltrating files. The attack, detected by Aikido Security, affected 13 packages under the `@gluestack-ui` and `@react-native-aria` namespaces, collectively accounting for nearly 1 million weekly downloads.
The compromise began on June 6, 2025, when attackers modified the `lib/commonjs/index.js` file in affected versions. The malware, an updated remote access trojan (RAT), includes new commands (`ss_info` and `ss_ip`) to harvest system data and public IP addresses. Researchers noted similarities to a previous attack on the `rand-user-agent` npm package, suggesting the same threat actors may be responsible.
The GlueStack maintainers confirmed that a compromised access token belonging to a contributor allowed the malicious updates. While the affected packages have been deprecated, the malware’s persistence mechanism raises concerns, as it could maintain access even after updates. The maintainers have since revoked non-essential contributor access and enforced two-factor authentication (2FA).
In a separate discovery, Socket identified two rogue npm packages `express-api-sync` and `system-health-sync-api` designed to wipe application directories. Published under the account `botsailer`, the packages were downloaded 112 and 861 times, respectively, before removal.
- `express-api-sync` masquerades as a database sync tool but executes `rm -rf *` upon receiving a hard-coded key (`DEFAULT_123`), deleting all files in the current directory.
- `system-health-sync-api` is more sophisticated, acting as both an information stealer and wiper, with OS-specific deletion commands. It exfiltrates data via SMTP email, using hard-coded credentials (`auth@corehomes[.]in`) to send system details to the attacker.
Additionally, PyPI saw the emergence of `imad213`, a Python-based credential harvester posing as an Instagram growth tool. Downloaded 3,242 times, the package prompts users for Instagram credentials, which are then sent to 10 third-party bot services. The malware includes a remote kill switch hosted on Netlify, allowing the attacker to disable it remotely. The same threat actor (`IMAD-213`) has uploaded three other malicious packages targeting Facebook, Gmail, Twitter, and VK credentials, as well as a DDoS tool (`poppo213`).
These incidents highlight an evolving threat landscape, where attackers are expanding beyond cryptocurrency theft to system sabotage and credential laundering, leveraging supply chain vulnerabilities for broader impact.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for gluestack ??
What was gluestack's A.I Rankiteo Cyber Score in June 2026 ??
What was gluestack's A.I Rankiteo Cyber Score in May 2026 ??
What was gluestack's A.I Rankiteo Cyber Score in April 2026 ??
What was gluestack's A.I Rankiteo Cyber Score in March 2026 ??
What was gluestack's A.I Rankiteo Cyber Score in February 2026 ??
What was gluestack's A.I Rankiteo Cyber Score in January 2026 ??
What was gluestack's A.I Rankiteo Cyber Score in December 2025 ??
What was gluestack's A.I Rankiteo Cyber Score in November 2025 ??
What was gluestack's A.I Rankiteo Cyber Score in October 2025 ??
What was gluestack's A.I Rankiteo Cyber Score in September 2025 ??
What was gluestack's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on gluestack's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with gluestack ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view gluestack's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?