Cyber Security
CIO Bulletin
09 June, 2025
Experts have detected malware in the software supply chain of popular packages, which can lead to data and system theft and to the theft of users’ login details in open-source ecosystems.
Cybersecurity experts found that cybercriminals have attacked the environment used by npm packages linked with GlueStack, reaching almost one million users per week. Through lib/commonjs/index.js, attackers can run commands on the victim’s system, take screenshots, and steal information stored on infected devices.
Such a breach makes it possible to carry out unauthorized activities such as cryptocurrency mining, theft of important data, and disruption of key services. The attack was first noticed on June 6, 2025, after which the maintainer team revoked access tokens and marked the affected packages as deprecated.
The discovery of two unauthorized npm packages, express-api-sync and system-health-sync-api, which aim to remove all application files and take users’ information, raised additional cybersecurity concerns. Because these packages use SMTP for their data theft, they are more challenging for traditional firewalls to recognize.
In addition, an Instagram growth tool written in Python and published on PyPI has been found to steal user login information and post it to many bot services. This points to how threat actors are now working to harm computer systems and data.
Experts recommend that developers check all dependencies for vulnerabilities, avoid downloading anything suspicious, and carry out updates or rollbacks whenever open-source software ecosystems are compromised.
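One way to act on the dependency check recommended above, as an added example that is not code from the article or from any project it names: the function scans a parsed package-lock.json for the two package names reported here and for entries carrying a deprecation notice, which is how the maintainers marked the affected packages. It assumes npm recorded that notice in the lockfile entry's `deprecated` field; the sample lockfile and all versions in it are constructed.

```javascript
// Added example. The two names below are the packages this article reports;
// every lockfile entry in SAMPLE_LOCK is constructed for illustration.
const NAMED_IN_ARTICLE = new Set(["express-api-sync", "system-health-sync-api"]);

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function nameFromLockPath(lockPath) {
  const marker = "node_modules/";
  const i = lockPath.lastIndexOf(marker);
  return i === -1 ? lockPath : lockPath.slice(i + marker.length);
}

// lockfileVersion 1 keeps a nested "dependencies" tree instead of a flat map.
function walkV1(deps, trail, out) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = trail.concat(name).join(" > ");
    if (NAMED_IN_ARTICLE.has(name)) {
      out.push({ name, version: meta.version, path, reason: "named-in-article" });
    }
    walkV1(meta.dependencies, trail.concat(name), out);
  }
}

function auditLockfile(lock) {
  const findings = [];
  if (!lock.packages) {
    walkV1(lock.dependencies, [], findings);
    return findings;
  }
  for (const [path, meta] of Object.entries(lock.packages)) {
    if (path === "") continue; // root project entry
    // Aliased installs record the real package name in "name".
    const name = meta.name || nameFromLockPath(path);
    const hit = { name, version: meta.version, path };
    if (NAMED_IN_ARTICLE.has(name)) findings.push({ ...hit, reason: "named-in-article" });
    // Assumption: npm stored the registry's deprecation notice in "deprecated".
    if (meta.deprecated) findings.push({ ...hit, reason: "deprecated", detail: meta.deprecated });
  }
  return findings;
}

const SAMPLE_LOCK = { // constructed
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/express": { version: "0.0.1" },
    "node_modules/sync-helper": { name: "express-api-sync", version: "0.0.1" },
    "node_modules/demo-lib/node_modules/system-health-sync-api": { version: "0.0.2" },
    "node_modules/@example/ui": { version: "0.0.3", deprecated: "constructed notice" },
  },
};
console.log(auditLockfile(SAMPLE_LOCK));
```

To run it against a real project, pass `auditLockfile` the result of `JSON.parse` on that project's package-lock.json; a deprecation finding is a prompt to review the entry, not proof of compromise.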







