Glassworm Hits Popular React Native Packages With Credential-Stealing npm Malware A coordinated supply chain attack struck the developer community on March 16, 2026, when a threat actor known as Glassworm backdoored two widely used React Native npm packages, turning them into silent credential and cryptocurrency stealers. The affected packages — react-native-country-select@0.3.91 and react-native-international-phone-number@0.11.8 — were published within minutes of each other by the same publisher, AstrOOnauta, and together accounted […] The post https://cybersecuritynews.com/glassworm-hits-popular-reac… appeared first on https://cybersecuritynews.com. https://cybersecuritynews.com/glassworm-hits-popular-reac…