Bad Dependencies – Episode 2: The React Native Aria Backdoor Meltdown

In this explosive episode of Bad Dependencies, Mackenzie Jackson and Charlie Eriksen uncover a sophisticated malware campaign that compromised 16 popular npm packages—including libraries under the "react-native-aria" scope. The hosts break down how the breach was discovered, what the payload did, and the widespread implications for the JavaScript ecosystem. From obscure obfuscation tricks to potential state-sponsored tactics, this is a deep dive into one of the most alarming supply chain attacks of 2025. Plus, the duo discusses a case of open-source copycatting following their first episode and gives insight into how threat detection has evolved.00:00 Welcome & Catching Up 01:00 react-native-aria Malware Discovery 05:10 Repeat Offender: The Same Threat Actor 06:30 Offscreen Obfuscation & Reverse Shell Payload 07:40 Potential Fallout 08:50 GitHub Compromises & Wider Infection Vectors 10:30 Who’s Behind It? 11:40 Copycat Incident: The LLM Confusion 13:10 The Power & Risks of Sharing 14:30 Closing Remarks & Threat Feed

There are no comments yet.

Please log in to write the first comment.