Bad Dependencies – Episode 2: The React Native Aria Backdoor Meltdown

https://is1-ssl.mzstatic.com/image/thumb/Podcasts211/v4/20/69/48/20694887-9f9d-ff51-714f-501bb4159412/mza_8945796113236339360.jpg/600x600bb.jpg

Bad Dependencies Podcast

Mackenzie Jackson

8 episodes

6 days ago

Welcome to Bad Dependencies, the podcast where the digital supply chain gets audited in real-time. Hosted by security researchers Charlie Erikson and Mackenzie Jackson from Aikido Security, this bi-weekly show dives deep into the wildest, weirdest, and most dangerous malware found lurking in package registries like NPM and PyPI. From image-based payloads to AI-generated code noise, nothing is off-limits as Charlie and Mackenzie explore the bleeding edge of software supply chain attacks. Whether you’re a developer, security enthusiast, or just malware-curious, Bad Dependencies will open your ey

Technology

RSS

All content for Bad Dependencies Podcast is the property of Mackenzie Jackson and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Technology

https://d3t3ozftmdmh3i.cloudfront.net/staging/podcast_uploaded_nologo/43802306/43802306-1748868151508-47df53ea4807e.jpg

Bad Dependencies – Episode 2: The React Native Aria Backdoor Meltdown

Bad Dependencies Podcast

16 minutes 11 seconds

4 months ago

Bad Dependencies – Episode 2: The React Native Aria Backdoor Meltdown

In this explosive episode of Bad Dependencies, Mackenzie Jackson and Charlie Eriksen uncover a sophisticated malware campaign that compromised 16 popular npm packages—including libraries under the "react-native-aria" scope. The hosts break down how the breach was discovered, what the payload did, and the widespread implications for the JavaScript ecosystem. From obscure obfuscation tricks to potential state-sponsored tactics, this is a deep dive into one of the most alarming supply chain attacks of 2025. Plus, the duo discusses a case of open-source copycatting following their first episode and gives insight into how threat detection has evolved.00:00 Welcome & Catching Up 01:00 react-native-aria Malware Discovery 05:10 Repeat Offender: The Same Threat Actor 06:30 Offscreen Obfuscation & Reverse Shell Payload 07:40 Potential Fallout 08:50 GitHub Compromises & Wider Infection Vectors 10:30 Who’s Behind It? 11:40 Copycat Incident: The LLM Confusion 13:10 The Power & Risks of Sharing 14:30 Closing Remarks & Threat Feed