IndonesianFoods Worm Floods npm with Over 100,000 Fake Packages
Summary
A large-scale spam campaign, dubbed IndonesianFoods, has flooded the npm registry with over 100,000 fake packages since early 2024. The campaign uses a worm-like propagation mechanism that requires manual execution via 'node auto.js' or 'publishScript.js' to propagate. The packages reference each other as dependencies, creating a self-replicating network. The goal appears to be monetization through the Tea protocol, rather than traditional malicious activities like data theft. The campaign has been ongoing for nearly two years, highlighting a significant security blind spot in automated detection systems. The malicious script executes in an infinite loop, removing 'private': true in package.json, generating random version numbers, and publishing new spam packages to npm. A single execution can publish approximately 12 packages per minute, 720 per hour, or 17,000 per day. The attackers have inflated their 'impact scores' and claimed Tea token rewards for artificial ecosystem value, with one package README boasting about these earnings. The campaign has overwhelmed multiple security data systems, demonstrating unprecedented scale, and has triggered a massive wave of vulnerability reports.
Timeline
- 14.11.2025 00:07 (1 article)
IndonesianFoods worm publishes over 100,000 packages
The IndonesianFoods worm has published over 100,000 packages, growing exponentially. The campaign does not currently have a malicious payload but poses a significant threat to the software supply chain. The attack has overwhelmed security data systems, with Sonatype’s database seeing 72,000 new advisories in a single day. The campaign is linked to the Tea protocol, with attackers inflating their impact scores to earn tokens. The spam campaign began two years ago, with 43,000 packages added in 2023, TEA monetization implemented in 2024, and the worm-like replication loop introduced in 2025.
Sources:
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- 13.11.2025 06:58 (3 articles)
Massive npm Spam Campaign Floods Registry with 46,000 Fake Packages
A large-scale spam campaign has flooded the npm registry with 46,484 fake packages since early 2024. The campaign, dubbed IndonesianFoods, uses a worm-like propagation mechanism and relies on manual execution to evade detection. The goal appears to be monetization through the Tea protocol, rather than traditional malicious activities like data theft. The campaign has been ongoing for nearly two years, highlighting a significant security blind spot in automated detection systems. The malicious script executes in an infinite loop, removing 'private': true in package.json, generating random version numbers, and publishing new spam packages to npm. A single execution can publish approximately 12 packages per minute, 720 per hour, or 17,000 per day. The attackers have inflated their 'impact scores' and claimed Tea token rewards for artificial ecosystem value, with one package README boasting about these earnings. The worm has since published over 100,000 packages, growing exponentially, and has overwhelmed multiple security data systems, demonstrating unprecedented scale. The campaign is linked to the Tea protocol, with attackers inflating their impact scores to earn tokens. The spam campaign began two years ago, with 43,000 packages added in 2023, TEA monetization implemented in 2024, and the worm-like replication loop introduced in 2025.
Sources:
- Over 46,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack — thehackernews.com — 13.11.2025 06:58
- “IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages — www.infosecurity-magazine.com — 13.11.2025 17:15
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
Information Snippets
- The campaign published 46,484 fake packages, masquerading as Next.js projects.
First reported: 13.11.2025 06:58 (3 sources, 3 articles). Sources:
- Over 46,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack — thehackernews.com — 13.11.2025 06:58
- “IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages — www.infosecurity-magazine.com — 13.11.2025 17:15
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- The packages use Indonesian names and food terms in their naming scheme.
First reported: 13.11.2025 06:58 (3 sources, 3 articles). Sources:
- Over 46,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack — thehackernews.com — 13.11.2025 06:58
- “IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages — www.infosecurity-magazine.com — 13.11.2025 17:15
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- The worm-like mechanism requires manual execution via 'node auto.js' to propagate.
First reported: 13.11.2025 06:58 (3 sources, 3 articles). Sources:
- Over 46,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack — thehackernews.com — 13.11.2025 06:58
- “IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages — www.infosecurity-magazine.com — 13.11.2025 17:15
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- The campaign has been active since early 2024, with packages published from over a dozen npm accounts.
First reported: 13.11.2025 06:58 (3 sources, 3 articles). Sources:
- Over 46,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack — thehackernews.com — 13.11.2025 06:58
- “IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages — www.infosecurity-magazine.com — 13.11.2025 17:15
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- The packages do not execute automatically during installation but rely on manual execution.
First reported: 13.11.2025 06:58 (3 sources, 3 articles). Sources:
- Over 46,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack — thehackernews.com — 13.11.2025 06:58
- “IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages — www.infosecurity-magazine.com — 13.11.2025 17:15
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- The campaign is linked to a previous crypto farming campaign involving the Tea protocol.
First reported: 13.11.2025 06:58 (3 sources, 3 articles). Sources:
- Over 46,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack — thehackernews.com — 13.11.2025 06:58
- “IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages — www.infosecurity-magazine.com — 13.11.2025 17:15
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- The packages reference each other as dependencies, creating a self-replicating network.
First reported: 13.11.2025 06:58 (3 sources, 3 articles). Sources:
- Over 46,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack — thehackernews.com — 13.11.2025 06:58
- “IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages — www.infosecurity-magazine.com — 13.11.2025 17:15
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- GitHub has removed the malicious packages and is committed to detecting and mitigating such campaigns.
First reported: 13.11.2025 06:58 (1 source, 1 article). Sources:
- Over 46,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack — thehackernews.com — 13.11.2025 06:58
- The malicious script file is named either `auto.js` or `publishScript.js` and executes in an infinite loop.
First reported: 13.11.2025 17:15 (2 sources, 2 articles). Sources:
- “IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages — www.infosecurity-magazine.com — 13.11.2025 17:15
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- The script removes `"private": true` in package.json to force packages to be made public.
First reported: 13.11.2025 17:15 (2 sources, 2 articles). Sources:
- “IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages — www.infosecurity-magazine.com — 13.11.2025 17:15
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- The script generates a random version number to bypass npm’s duplicate version detection system.
First reported: 13.11.2025 17:15 (2 sources, 2 articles). Sources:
- “IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages — www.infosecurity-magazine.com — 13.11.2025 17:15
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- The script generates a new package name and publishes the spam package to npm.
First reported: 13.11.2025 17:15 (2 sources, 2 articles). Sources:
- “IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages — www.infosecurity-magazine.com — 13.11.2025 17:15
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- A single execution publishes approximately 12 packages per minute, 720 per hour, or 17,000 per day.
First reported: 13.11.2025 17:15 (2 sources, 2 articles). Sources:
- “IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages — www.infosecurity-magazine.com — 13.11.2025 17:15
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- The packages reference each other as dependencies, creating a self-replicating network.
First reported: 13.11.2025 17:15 (1 source, 1 article). Sources:
- “IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages — www.infosecurity-magazine.com — 13.11.2025 17:15
- Installing a single package could result in pulling in over a hundred related spam packages.
First reported: 13.11.2025 17:15 (1 source, 1 article). Sources:
- “IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages — www.infosecurity-magazine.com — 13.11.2025 17:15
- The campaign is linked to the Tea protocol, which aims to reward open source developers for their contributions by issuing them tokens on a related blockchain.
First reported: 13.11.2025 17:15 (2 sources, 2 articles). Sources:
- “IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages — www.infosecurity-magazine.com — 13.11.2025 17:15
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- The attackers inflated their 'impact scores' and claimed Tea token rewards for artificial ecosystem value.
First reported: 13.11.2025 17:15 (2 sources, 2 articles). Sources:
- “IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages — www.infosecurity-magazine.com — 13.11.2025 17:15
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- One of the package READMEs boasts about these earnings, reinforcing the financial motive behind the campaign.
First reported: 13.11.2025 17:15 (2 sources, 2 articles). Sources:
- “IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages — www.infosecurity-magazine.com — 13.11.2025 17:15
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- The worm, dubbed 'IndonesianFoods,' has published over 100,000 packages according to Sonatype, and the number is growing exponentially.
First reported: 14.11.2025 00:07 (1 source, 1 article). Sources:
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- The packages do not have a malicious component for developers, but this could change with an update that introduces a dangerous payload.
First reported: 14.11.2025 00:07 (1 source, 1 article). Sources:
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- The level of automation and large-scale nature of the attack create the potential for broad supply-chain compromise.
First reported: 14.11.2025 00:07 (1 source, 1 article). Sources:
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- Security researcher Paul McCarty created a page to track the offending npm publishers and the number of packages they have released on the platform.
First reported: 14.11.2025 00:07 (1 source, 1 article). Sources:
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- Sonatype reports that the same actors performed another attempt on September 10, with a package named 'fajar-donat9-breki,' which contained the same replication logic but failed to spread.
First reported: 14.11.2025 00:07 (1 source, 1 article). Sources:
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- The attack has overwhelmed multiple security data systems, demonstrating unprecedented scale.
First reported: 14.11.2025 00:07 (1 source, 1 article). Sources:
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- Amazon Inspector is flagging these packages through OSV advisories, triggering a massive wave of vulnerability reports.
First reported: 14.11.2025 00:07 (1 source, 1 article). Sources:
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- Sonatype’s database alone saw 72,000 new advisories in a single day.
First reported: 14.11.2025 00:07 (1 source, 1 article). Sources:
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- The IndonesianFoods campaign does not appear to focus on infiltrating developer machines but rather on stressing the ecosystem and disrupting the world’s largest software supply chain.
First reported: 14.11.2025 00:07 (1 source, 1 article). Sources:
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- The motivation is unclear, but the implications are striking.
First reported: 14.11.2025 00:07 (1 source, 1 article). Sources:
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- Some packages appear to abuse the TEA Protocol, a blockchain system that rewards OSS contributions with TEA tokens, containing tea.yaml files listing TEA accounts and wallet addresses.
First reported: 14.11.2025 00:07 (1 source, 1 article). Sources:
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- By publishing thousands of interconnected packages, attackers inflated their impact scores to earn more tokens, indicating a financial motive behind the attack.
First reported: 14.11.2025 00:07 (1 source, 1 article). Sources:
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- The spam campaign actually began two years ago, with 43,000 packages being added in 2023, TEA monetization being implemented in 2024, and the worm-like replication loop introduced in 2025.
First reported: 14.11.2025 00:07 (1 source, 1 article). Sources:
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- The IndonesianFoods campaign comes in the context of several similar automation-based supply-chain attacks on open-source ecosystems, including the GlassWorm attack on OpenVSX, the Shai-Hulud worm employing dependency confusion propagation, and the hijacks of widely used packages like chalk and debug.
First reported: 14.11.2025 00:07 (1 source, 1 article). Sources:
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- These simple yet impactful operations create ideal conditions for threat actors to slip more serious malware into open-source ecosystems.
First reported: 14.11.2025 00:07 (1 source, 1 article). Sources:
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
- Software developers are advised to lock down dependency versions, monitor for abnormal publishing patterns, and implement strict digital signature validation policies.
First reported: 14.11.2025 00:07 (1 source, 1 article). Sources:
- New ‘IndonesianFoods’ worm floods npm with 100,000 packages — www.bleepingcomputer.com — 14.11.2025 00:07
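The snippets above describe two observable traits of the campaign (a handful of accounts publishing at roughly 12 packages per minute, and spam packages that depend on each other so that one install drags in the whole cluster) and close with advice to monitor for abnormal publishing patterns. The Node script below is an added example written for this page; it is not code from any of the cited reports, from npm, or from the actors involved. It implements two defender-side checks on that basis: a sliding-window publish-rate monitor per publisher, and a review of what a single install would pull in, flagging packages whose file list contains the indicator files the reports name (`auto.js`, `publishScript.js`, `tea.yaml`) and counting dependency edges among the flagged set. Every publisher name, package name, file list, timestamp and threshold is constructed for the example; the `{publisher, pkg, time}` event shape and the `{dependencies, files}` manifest shape are assumptions, not a registry API.

```javascript
// Added example for this page: two defender-side checks against the pattern the
// reports describe. Not code from the cited articles or from npm; every name,
// file list and timestamp below is constructed for the example.

// ---- Check 1: publishing-rate monitor -----------------------------------
// Constructed publish events. A real feed would come from the registry's
// changes stream or a vendor advisory feed; the {publisher, pkg, time} shape
// is an assumption of this example.
function burst(publisher, count, startIso, stepSeconds) {
  const start = Date.parse(startIso);
  return Array.from({ length: count }, (_, i) => ({
    publisher,
    pkg: `${publisher}-food-${i}`,
    time: new Date(start + i * stepSeconds * 1000).toISOString(),
  }));
}

const PUBLISH_EVENTS = [
  // one account pushing a new package every 5 seconds (the reports cite
  // roughly 12 publishes per minute for a single run of the script)
  ...burst('burst-account', 8, '2025-11-13T06:00:00Z', 5),
  // an ordinary maintainer releasing three packages over several days
  { publisher: 'normal-dev', pkg: 'my-lib', time: '2025-11-10T09:00:00Z' },
  { publisher: 'normal-dev', pkg: 'my-lib-cli', time: '2025-11-11T14:30:00Z' },
  { publisher: 'normal-dev', pkg: 'my-lib-types', time: '2025-11-13T08:15:00Z' },
];

// For each publisher, find the largest number of publish events inside any
// sliding window of windowMs milliseconds; report those exceeding `limit`.
function flagBurstPublishers(events, windowMs, limit) {
  const byPublisher = new Map();
  for (const e of events) {
    if (!byPublisher.has(e.publisher)) byPublisher.set(e.publisher, []);
    byPublisher.get(e.publisher).push(Date.parse(e.time));
  }
  const flagged = [];
  for (const [publisher, times] of byPublisher) {
    times.sort((a, b) => a - b);
    let peak = 0;
    let startIdx = 0;
    for (let end = 0; end < times.length; end++) {
      // shrink the window from the left until it spans less than windowMs
      while (times[end] - times[startIdx] >= windowMs) startIdx++;
      peak = Math.max(peak, end - startIdx + 1);
    }
    if (peak > limit) flagged.push({ publisher, peak });
  }
  return flagged;
}

// ---- Check 2: dependency-cluster review ---------------------------------
// Constructed manifests: name -> { dependencies, files }. Three packages form
// a mutually dependent cluster and ship the indicator files named in the
// reports; 'left-pad-ish' is an ordinary library; 'my-app' is the project
// being reviewed. None of these are real package names.
const MANIFESTS = {
  'nasi-goreng-budi': { dependencies: ['rendang-sari', 'sate-wati'], files: ['package.json', 'auto.js', 'tea.yaml'] },
  'rendang-sari':     { dependencies: ['sate-wati', 'nasi-goreng-budi'], files: ['package.json', 'publishScript.js', 'tea.yaml'] },
  'sate-wati':        { dependencies: ['rendang-sari'], files: ['package.json', 'tea.yaml'] },
  'left-pad-ish':     { dependencies: [], files: ['package.json', 'index.js'] },
  'my-app':           { dependencies: ['left-pad-ish', 'nasi-goreng-budi'], files: ['package.json', 'index.js'] },
};
const INDICATOR_FILES = new Set(['auto.js', 'publishScript.js', 'tea.yaml']);

// Breadth-first walk of the dependency graph. The cluster is cyclic by design
// (packages reference each other), so the visited set is what stops the walk.
function transitiveDeps(root, manifests) {
  const seen = new Set();
  const queue = [root];
  while (queue.length > 0) {
    const name = queue.shift();
    const manifest = manifests[name];
    if (!manifest) continue; // dependency outside the snapshot: nothing to expand
    for (const dep of manifest.dependencies) {
      if (dep !== root && !seen.has(dep)) {
        seen.add(dep);
        queue.push(dep);
      }
    }
  }
  return [...seen];
}

// Summarise what installing `root` would pull in: total transitive deps, the
// ones carrying indicator files, and how many dependency edges run between
// flagged packages (the "reference each other" pattern).
function reviewInstall(root, manifests) {
  const closure = transitiveDeps(root, manifests);
  const suspicious = closure
    .filter((n) => manifests[n] && manifests[n].files.some((f) => INDICATOR_FILES.has(f)))
    .sort();
  const flaggedSet = new Set(suspicious);
  let mutualEdges = 0;
  for (const n of suspicious) {
    for (const d of manifests[n].dependencies) if (flaggedSet.has(d)) mutualEdges++;
  }
  return { total: closure.length, suspicious, mutualEdges };
}

console.log(JSON.stringify(flagBurstPublishers(PUBLISH_EVENTS, 60 * 1000, 5)));
console.log(JSON.stringify(reviewInstall('my-app', MANIFESTS)));
```

On the constructed data the rate check flags only `burst-account` (8 publishes inside one minute against a limit of 5), and the install review reports that `my-app` would pull in 4 packages, 3 of them carrying indicator files with 5 dependency edges among them. In practice the manifests would be built from a lockfile and each tarball's file list, and the thresholds tuned to the organisation's own release cadence; the point is that the two signals the reports describe, burst publishing and a tightly self-referencing dependency set, are both cheap to compute before anything is installed.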
Similar Happenings
PhantomRaven npm credential harvesting campaign leverages invisible dependencies
An ongoing npm credential harvesting campaign dubbed PhantomRaven has been active since August 2025. The malware steals npm tokens, GitHub credentials, and CI/CD secrets from developers worldwide. At least 126 npm packages have been infected, resulting in over 86,000 downloads. The attack uses Remote Dynamic Dependencies (RDD) to hide malicious code in externally hosted packages, evading npm security scans. The campaign exploits AI hallucinations to create plausible-sounding package names, a technique known as slopsquatting. As of October 30, 2025, the attacker-controlled URL can serve any kind of malware, initially serving harmless code before pushing a malicious version. The malware scans the developer environment for email addresses and gathers information about the CI/CD environment. The npm ecosystem allows easy publishing and low friction for packages, with lifecycle scripts executing arbitrary code at install time. As of October 29, 2025, at least 80 of the infected packages remain active. Researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate "@actions/artifact" package to target GitHub-owned repositories. The package incorporated a post-install hook to download and run malware in versions 4.0.12 to 4.0.17, and has been downloaded 47,405 times. The malware specifically targets repositories owned by the GitHub organization, indicating a targeted attack against GitHub.
Credential Phishing Campaign Using 175 Malicious npm Packages
A credential phishing campaign, codenamed Beamglea, has targeted over 135 industrial, technology, and energy companies worldwide. The campaign utilized 175 malicious npm packages, collectively downloaded 26,000 times, to host redirect scripts that lead victims to credential harvesting pages. The packages exploit npm's public registry and UNPKG's CDN to distribute HTML payloads designed to capture Microsoft credentials. The campaign leverages legitimate infrastructure to create a resilient phishing operation that is difficult to detect and mitigate. The packages do not execute malicious code upon installation, making them harder to identify. The HTML files, disguised as legitimate documents, redirect victims to phishing sites that pre-fill email fields, increasing the likelihood of successful credential theft.
GhostAction GitHub supply chain attack steals 3,325 secrets
The GhostAction supply chain attack compromised 3,325 secrets from GitHub repositories. The attack, discovered by GitGuardian on September 2, 2025, involved malicious commits to GitHub Actions workflows that exfiltrated secrets to an external domain. The first signs of compromise were detected in the FastUUID project. The attack affected at least 817 repositories and targeted multiple package ecosystems, including PyPI, npm, DockerHub, and AWS keys. The exfiltration endpoint was taken down shortly after the campaign's discovery. The compromised secrets included PyPI tokens, npm tokens, DockerHub tokens, GitHub tokens, Cloudflare API tokens, AWS access keys, and database credentials. The attack impacted at least nine npm and 15 PyPI packages, potentially allowing for the release of malicious or trojanized versions. The Python Software Foundation invalidated all PyPI tokens stolen in the attack, confirming that the threat actors did not abuse them to publish malware. GitGuardian notified the security teams of GitHub, npm, and PyPI and opened issues in 573 impacted repositories. A hundred repositories had already detected and reverted the malicious changes before the full scope of the campaign was uncovered. GitGuardian notified PyPI on September 5, 2025, but the email ended up in the spam folder, delaying the response until September 10, 2025. PyPI advised maintainers to replace long-lived tokens with short-lived Trusted Publishers tokens and review their security history for any suspicious activity.
Supply Chain Attack Targets npm Packages with Over 2.6 Billion Weekly Downloads
A supply chain attack involving multiple npm packages with over 2.6 billion weekly downloads has been discovered. The attack, which began in April 2025, involved the injection of malicious code into npm packages after compromising a maintainer's account via a phishing attack. The malicious code targets cryptocurrency wallets, including Atomic and Exodus, and redirects transactions to addresses controlled by threat actors. The attack has now expanded to include additional maintainers and packages, further broadening its impact. The malicious packages were removed within two hours of the attack, and the injected code targeted browser environments, hooking Ethereum and Solana signing requests. The attack was discovered and mitigated quickly, preventing more severe security incidents. The attack follows a series of similar incidents targeting JavaScript libraries, emphasizing the ongoing threat to the npm ecosystem and the broader supply chain. The compromised packages include popular ones such as ansi-regex, ansi-styles, chalk, debug, and others, collectively attracting over 2 billion weekly downloads. The malicious code operates by intercepting network traffic and application APIs, targeting various cryptocurrencies including Ethereum, Bitcoin, Solana, Tron, Litecoin, and Bitcoin Cash. At least 18 popular JavaScript code packages were compromised, collectively downloaded more than two billion times each week. The attack was narrowly focused on stealing cryptocurrency but highlights the potential for more disruptive malware outbreaks. The incident underscores the vulnerability of widely-used code maintained by a small number of developers and the need for stronger authentication measures.
Malicious nx Packages Exfiltrate Credentials in 's1ngularity' Supply Chain Attack
The Shai-Hulud attack, a self-replicating malware, has compromised at least 187 npm packages, affecting multiple maintainers. The attack uses a self-propagating mechanism to infect other packages by the same maintainer, modifying package.json, injecting a bundle.js script, repacking the archive, and republishing it. The malware uses TruffleHog to search the host for tokens and cloud credentials, creating unauthorized GitHub Actions workflows within repositories and exfiltrating sensitive data to a hardcoded webhook endpoint. The attack is named 'Shai-Hulud' after the shai-hulud.yaml workflow files used by the malware and follows the 's1ngularity' attack, potentially orchestrated by the same attackers. The attack unfolded in three phases, impacting 2,180 accounts and 7,200 repositories. The first phase, between August 26 and 27, directly impacted 1,700 users, leaking over 2,000 unique secrets and exposing 20,000 files. The second phase, between August 28 and 29, compromised an additional 480 accounts, mostly organizations, and exposed 6,700 private repositories. The third phase, beginning on August 31, targeted a single victim organization, publishing an additional 500 private repositories. The attackers used AI-powered CLI tools like Claude, Q, and Gemini to dynamically scan for high-value secrets, tuning the prompts for better success. The Shai-Hulud worm emerged just days after a broad phishing campaign that spoofed NPM and asked developers to update their multi-factor authentication login options. The Shai-Hulud worm was first detected on September 14, 2025, around 17:58 UTC. The Shai-Hulud worm briefly compromised at least 25 NPM code packages managed by CrowdStrike. The Shai-Hulud worm spreads by using stolen NPM authentication tokens, adding its code to the top 20 packages in the victim’s account. The Shai-Hulud worm deliberately skips Windows systems, assuming the victim is working in a Linux or macOS environment. The Shai-Hulud worm uses the open-source tool TruffleHog to search for exposed credentials and access tokens on the developer’s machine. The Shai-Hulud worm attempts to create new GitHub actions and publish any stolen secrets. The Shai-Hulud worm's spread seems to have waned in recent hours but could restart if a new victim is infected. The web address used by the attackers to exfiltrate collected data was disabled due to rate limits. The Shai-Hulud worm is still propagating, although its spread has slowed down. The Shai-Hulud worm can lay dormant and restart the spread if a new victim is infected. The Shai-Hulud worm's spread could be significantly reduced by implementing a publication model that requires explicit human consent for every publication request using a phish-proof 2FA method.