Massive npm Attack “IndonesianFoods” Floods Ecosystem with Self-Replicating Spam Packages

Listen to this Post

Featured Image
The npm ecosystem, a cornerstone of modern software development, has come under a new, sophisticated assault. Security researchers have uncovered a large-scale, worm-like campaign named “IndonesianFoods”, which has been quietly spreading malicious packages for over two years. Unlike conventional attacks, this campaign leverages automation and interlinked dependencies to propagate at alarming speed, raising serious concerns about the integrity and security of open-source supply chains.

The IndonesianFoods Campaign: A Summary

Security expert Paul McCarty of SourceCodeRed revealed that the attack involves at least 11 npm accounts creating spam packages with uniquely themed names. Each package carries a hidden script, either auto.js or publishScript.js, which only executes when manually triggered. The script then performs three disruptive actions in a continuous loop:

It removes “private”: true from the package configuration to make packages public.

It generates random version numbers to bypass npm’s duplicate detection.

It produces new package names and publishes additional spam packages.

According to Endor Labs, the scale of this operation is staggering: one script execution can publish around 12 packages per minute, 720 per hour, and up to 17,000 per day. With over 43,900 packages identified, this suggests multiple executions across victims or attackers themselves actively flooding the registry.

These packages are interlinked as dependencies, creating a self-replicating network. When a developer installs one, npm automatically fetches its entire dependency tree, potentially pulling in hundreds of spam packages. This exponential spread not only consumes enormous bandwidth but also complicates cleanup, since every dependency must be removed.

Beyond disruption, the campaign has a financial dimension. Some packages include tea.yaml files associated with the Tea protocol, which rewards developers with tokens for open-source contributions. By exploiting circular dependencies and inflating their impact scores, attackers artificially claimed Tea token rewards. One package README even boasted about these earnings, hinting at a strong financial motive.

This latest attack echoes previous incidents, including Shai Hulud, GlassWorm, and the chalk/debug hijacking, all of which demonstrated how attackers exploit npm’s open nature to propagate malware. The IndonesianFoods campaign distinguishes itself by scale and speed, publishing packages every seven seconds, highlighting the ecosystem’s vulnerability to automated, self-replicating attacks.

The implications extend beyond immediate disruption. While IndonesianFoods currently spreads spam rather than stealing credentials, it proves how trivial it is to overwhelm one of the world’s largest software supply chains. Developers face increased registry congestion, inflated infrastructure costs, and heightened risk of future malicious commits affecting unsuspecting users.

What Undercode Say: Analyzing the Threat

IndonesianFoods represents a sophisticated evolution in open-source attacks, combining automation, dependency hijacking, and financial exploitation. The sheer efficiency of self-replication demonstrates a deep understanding of npm’s mechanics, including how dependencies are resolved and how versioning constraints can be bypassed.

The strategy of interlinking spam packages as dependencies shows that attackers are not merely targeting individual projects but the ecosystem as a whole. By creating a lattice of interdependent packages, the attack guarantees exponential propagation, making manual remediation nearly impossible. Traditional safeguards such as manual code review or simple package vetting are insufficient when a single dependency can pull in dozens more malicious packages.

Financial motives are also critical to understanding this campaign. By leveraging the Tea protocol, attackers monetized ecosystem influence without directly infecting users, demonstrating a shift in threat models from purely disruptive attacks to profit-driven campaigns. This hybrid approach—spam propagation combined with token manipulation—signals a trend where attackers exploit incentives built into developer tools and open-source ecosystems.

The broader implications for software supply chains are profound. IndonesianFoods is an example of how open, collaborative environments can be weaponized at scale. It highlights systemic vulnerabilities: open-source registries prioritize accessibility over security, automated tooling can be exploited to bypass traditional protections, and financial incentives may unintentionally encourage malicious behaviors.

For organizations and individual developers, this underscores the urgent need for advanced monitoring tools, automated dependency auditing, and stricter vetting of package origin and activity. Ecosystem-wide strategies, such as anomaly detection for unusual publishing patterns or interdependency loops, will be essential to prevent similar campaigns.

Moreover, IndonesianFoods offers a case study for attackers learning from past campaigns like GlassWorm. Each iteration refines the attack methodology, increasing automation, speed, and ecosystem-wide impact. By understanding these patterns, security researchers can develop predictive models to identify and neutralize future threats before they achieve mass propagation.

Ultimately, IndonesianFoods is a wake-up call for the open-source community. It illustrates the fragility of trust in npm and emphasizes that even without immediate malware payloads, the infrastructure itself can be weaponized. The attack demonstrates that supply chain security must be proactive rather than reactive, integrating continuous monitoring, intelligent vetting, and developer education to safeguard the ecosystem.

🔍 Fact Checker Results

✅ The attack involves over 43,900 npm packages using self-replicating scripts.
✅ Packages manipulate dependencies and exploit versioning to propagate rapidly.
❌ There is currently no evidence of credential theft, though supply chain risk remains.

📊 Prediction

🚀 Expect similar campaigns to adopt financial exploitation models, using token-based rewards or reputation systems to monetize spam propagation.
📈 Future attacks will likely combine faster self-replication with more sophisticated dependency chains, stressing both registry infrastructure and developer trust.
💡 Organizations may invest heavily in automated detection and AI-based dependency analysis to anticipate and mitigate ecosystem-wide threats.

🕵️‍📝✔️Let’s dive deep and fact‑check.

References:

Reported By: www.infosecurity-magazine.com
Extra Source Hub (Possible Sources for article):
https://www.stackexchange.com
Wikipedia
OpenAi & Undercode AI

Image Source:

Unsplash
Undercode AI DI v2
Bing

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeNews & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon