Hackers Flooded npm Registry Over 43,000 Spam Packages Survived for Almost Two Years


Security researcher Paul McCarty uncovered a significant coordinated spam campaign targeting the npm ecosystem.

The IndonesianFoods worm, as it has been named, consists of more than 43,000 spam packages published across at least eleven user accounts over almost two years.

These packages survived undetected for the whole period and now account for more than one percent of the entire npm registry, sitting dormant until someone activates them.

The campaign's scope is alarming. A single run of the publishing script can push roughly twelve packages per minute, which works out to around 720 per hour or more than 17,000 per day.

The attack leverages a clever naming scheme that uses Indonesian names like “andi” and “budi” combined with food terms such as “rendang” and “sate,” followed by random numbers and suffixes like “-kyuki” or “-breki.”

Examples include packages named "zul-tapai9-kyuki" and "andi-rendang23-breki." The pattern lets the packages blend in among the registry's many small, oddly named projects, yet it is regular enough that the whole campaign can be traced once the scheme is recognised.


Each package appears legitimate on first inspection, containing standard Next[.]js project structures with proper configuration files, legitimate dependencies like React and Tailwind CSS, and professional documentation.

The malicious component lies in hidden script files named either "auto[.]js" or "publishScript[.]js," which sit dormant in the package tree: nothing in the package's "scripts" section or source imports references them, so they do nothing until someone runs them by hand.

Endor Labs security analysts identified that these packages were part of an attack first described in April 2024, in which attackers abuse the TEA protocol, a system meant to reward open source contributions.

The platform tracks cryptocurrency rewards for ecosystem participants, which the attackers exploited to monetize their spam campaign.

At least one maintainer appeared to be an Indonesian software engineer, explaining the regional specificity of this operation.

The Worm’s Self-Replicating Mechanism: How Dormant Code Activates and Spreads

The IndonesianFoods worm demonstrates a particularly insidious spreading mechanism through dependency chains.

When the malicious script is executed manually, for example with "node auto[.]js", it performs three actions in a loop. First, it removes the "private": true flag from package[.]json files, a protection developers use to prevent accidental publication of proprietary code.

Second, it generates a random version number such as "2.3.1" for each publish, so that every iteration counts as a new release and npm's refusal to accept an already-published name and version pair does not stop the loop.

Third, it updates the package[.]json and package-lock[.]json files, then runs "npm publish --access public" to flood the registry with new packages on a seven to ten-second cycle.

What makes this attack particularly dangerous is that each spam package references eight to ten additional spam packages as dependencies.

When developers install one contaminated package, npm automatically fetches its entire dependency tree, potentially pulling in over a hundred related spam packages in cascade.

Installing a single package can therefore drag a large and fast-growing set of spam packages into a project's node_modules directory and lockfile, and every one of them is a publisher the project now trusts.
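The naming scheme, the dormant publish scripts, the stripped "private" flag and the dependency cascade described above are all things a defender can check for mechanically. The following script is an added example, not code from the article, the researchers or npm: it audits a package-lock.json for names fitting the IndonesianFoods pattern, measures how many packages a single direct dependency drags in, and flags an unreferenced auto.js or publishScript.js and a missing "private": true in a package of your own. The word lists, the lockfile and the manifest are constructed for illustration; only "zul-tapai9-kyuki" and "andi-rendang23-breki" are names the article cites.

```javascript
// Added example (not code from the article, the researchers, or npm): audit a
// package-lock.json for IndonesianFoods-style packages, measure the install
// cascade from each direct dependency, and flag the dormant publish scripts and
// missing "private" flag the article describes. All sample data is constructed.

// Name pattern from the article: Indonesian given name, food term, digits, then
// a "-kyuki" or "-breki" suffix. The word lists are partial and assumed; grow
// them from real sightings before relying on this in CI.
const NAMES = ["andi", "budi", "zul", "dewi", "rizky"];
const FOODS = ["rendang", "sate", "tapai", "bakso", "gudeg"];
const SUFFIXES = ["kyuki", "breki"];
const PATTERN = new RegExp(
  `^(${NAMES.join("|")})-(${FOODS.join("|")})\\d+-(${SUFFIXES.join("|")})$`
);

function looksLikeIndonesianFoods(name) {
  return PATTERN.test(name);
}

// Lockfile v2/v3 keys installed packages by path ("node_modules/<name>", nested
// for non-deduped copies); the root project is the "" entry.
function packageName(path) {
  const i = path.lastIndexOf("node_modules/");
  return i === -1 ? path : path.slice(i + "node_modules/".length);
}

function indexPackages(lock) {
  const byName = new Map();
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path !== "") byName.set(packageName(path), meta);
  }
  return byName;
}

// Depth-first walk of the dependency graph from a set of starting packages.
function reachableFrom(byName, startNames) {
  const reached = new Set();
  const stack = [...startNames];
  while (stack.length) {
    const name = stack.pop();
    if (reached.has(name)) continue;
    reached.add(name);
    const meta = byName.get(name);
    for (const dep of Object.keys((meta && meta.dependencies) || {})) stack.push(dep);
  }
  return reached;
}

// Everything one direct dependency drags in, and how much of it fits the spam
// pattern: this is the cascade the article warns about.
function cascadeFrom(lock, directDep) {
  const reached = reachableFrom(indexPackages(lock), [directDep]);
  const suspicious = [...reached].filter(looksLikeIndonesianFoods).sort();
  return { total: reached.size, suspicious };
}

// One row per direct dependency that pulls in at least one suspicious package.
function auditLockfile(lock) {
  const root = (lock.packages && lock.packages[""]) || {};
  return Object.keys(root.dependencies || {})
    .map((dep) => ({ dependency: dep, ...cascadeFrom(lock, dep) }))
    .filter((row) => row.suspicious.length > 0);
}

// Indicators on a single package: an auto.js or publishScript.js that no
// "scripts" entry references (dormant until run by hand), and, for your own
// repository, a package.json that has lost "private": true. `files` is the
// package's file list (in practice taken from `npm pack --dry-run --json`).
const DORMANT_SCRIPTS = new Set(["auto.js", "publishScript.js"]);

function dormantPublishScripts(manifest, files) {
  const referenced = Object.values(manifest.scripts || {}).join(" ");
  return files.filter((f) => {
    const base = f.split("/").pop();
    return DORMANT_SCRIPTS.has(base) && !referenced.includes(base);
  });
}

function privateFlagIntact(manifest) {
  return manifest.private === true;
}

// Constructed sample: a project depending directly on react and on one of the
// package names the article cites; the remaining spam names are made up.
const SAMPLE_LOCK = {
  name: "my-app",
  lockfileVersion: 3,
  packages: {
    "": { private: true, dependencies: { react: "^18.0.0", "andi-rendang23-breki": "^2.3.1" } },
    "node_modules/react": { version: "18.3.1" },
    "node_modules/andi-rendang23-breki": {
      version: "2.3.1",
      dependencies: { "zul-tapai9-kyuki": "*", "budi-sate4-breki": "*", react: "*" },
    },
    "node_modules/zul-tapai9-kyuki": {
      version: "1.7.4",
      dependencies: { "dewi-bakso7-kyuki": "*", "rizky-gudeg11-breki": "*" },
    },
    "node_modules/budi-sate4-breki": { version: "3.0.2", dependencies: { "dewi-bakso7-kyuki": "*" } },
    "node_modules/dewi-bakso7-kyuki": { version: "0.9.1" },
    "node_modules/rizky-gudeg11-breki": { version: "5.1.0" },
  },
};

// Constructed manifest and file list for one spam package: a plausible Next.js
// "scripts" block, plus an auto.js that nothing references.
const SAMPLE_MANIFEST = {
  name: "zul-tapai9-kyuki", version: "1.7.4",
  scripts: { dev: "next dev", build: "next build" },
};
const SAMPLE_FILES = ["package.json", "README.md", "next.config.js", "auto.js", "app/page.js"];
```

On the constructed lockfile, `auditLockfile(SAMPLE_LOCK)` reports that the one direct spam dependency pulls in six packages, five of which match the pattern, while `react` pulls in nothing suspicious; `dormantPublishScripts(SAMPLE_MANIFEST, SAMPLE_FILES)` returns `["auto.js"]`. Run `privateFlagIntact` against your own package.json in CI so that a stripped flag fails the build before `npm publish` can run, and treat any non-empty result from the other two checks as a reason to drop the dependency rather than merely pin it.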

Some of these packages accumulated thousands of weekly downloads, creating opportunities for attackers to inject actual malicious code in future updates affecting massive numbers of installations.

The monetization through TEA token rewards shows that the attackers are earning cryptocurrency from artificial ecosystem activity, and some packages openly display their earned token amounts in their documentation. That reinforces the financial motivation behind this coordinated, two-year operation.
