Security researchers have uncovered another large-scale, coordinated attack on the npm ecosystem, using worm-like techniques to spread spam packages.
Dubbed “IndonesianFoods” due to the unique naming scheme used across the packages, the campaign has been running for over two years, according to SourceCodeRed’s Paul McCarty.
At least 11 npm accounts have been created to deploy the packages, he said. Each package contains a malicious script file named either `auto.js` or `publishScript.js`, which only executes when someone manually runs it.
It then performs three actions in an “infinite loop,” according to Endor Labs:
- It checks for `"private": true` in package.json and removes it, in order to force the packages to be made public
- It generates a random version number to bypass npm’s duplicate version detection system
- It generates a new package name and publishes the spam package to npm
“The mathematics of this attack are concerning,” said Endor Labs.
“A single execution publishes approximately 12 packages per minute, 720 per hour, or 17,000 per day. The existence of 43,900 packages suggests either multiple victims executed the script or the attackers ran it themselves to flood the registry.”
The packages themselves reference each other as dependencies, creating a self-replicating network, the security firm continued.
“When a user installs one of these packages, npm automatically fetches its entire dependency tree. If each spam package includes 8–10 additional spam packages as dependencies, the spread grows exponentially,” it warned.
“Installing a single package could result in pulling in over a hundred related spam packages, rapidly multiplying registry bandwidth usage, and making cleanup much more complex, since the entire dependency chain must be removed.”
Monetization or Disruption?
At the very least, the campaign is flooding the npm registry with spam packages that waste infrastructure resources and pollute search results, SourceCodeRed’s McCarty claimed.
Attackers could also choose to push a malicious commit in the future that would affect every user who has unwittingly downloaded the packages, creating significant supply chain risk. Endor Labs said some packages are accruing thousands of weekly downloads.
It also linked the campaign to the Tea protocol, which aims to reward open source developers for their contributions by issuing them tokens on a related blockchain.
“By embedding ‘tea.yaml’ files across thousands of spam packages and interlinking them through circular dependencies, the attackers inflated their ‘impact scores’ and claimed Tea token rewards for artificial ecosystem value,” the security vendor explained.
“Notably, one of the package READMEs even boasts about these earnings, reinforcing the financial motive behind the campaign.”
This is the latest worm event to hit npm, following the Shai Hulud campaign spotted in September.
Garrett Calpouzos, security researcher at Sonatype, said the latest discovery also echoes the GlassWorm malware and the “chalk/debug” hijacking.
“We’re watching the same playbook evolve, but faster,” he added.
“After GlassWorm showed how quickly a malicious package could self-replicate across npm, and the chalk/debug hijacking exposed how attackers are turning legitimate dependencies into distribution channels, IndonesianFoods is the next iteration: a self-publishing worm operating at massive scale, firing every seven seconds.”
The sheer automation and scale of IndonesianFoods are what should alarm developers, Calpouzos said.
“Each wave of these attacks weaponizes npm’s open nature in slightly new ways,” he concluded.
“This one may not steal credentials or inject code, but it still strains the ecosystem and proves how trivial it is to disrupt the world’s largest software supply chain. While the motivation is unclear, the implications are striking.”