I’ve identified an NPM spam campaign that has published over 86,000 malicious packages to the NPM registry, affecting at least eleven NPM users. This attack focuses on creating new packages rather than stealing credentials or engaging in other, more immediately malicious behaviours.
We are calling this a “spam campaign” rather than a worm, as this campaign focused on creating LOTS of packages, rather than self-replicating like a true worm. This attack almost doubles the known number of malicious NPM packages.
What is the IndonesianFoods campaign?
The IndonesianFoods spam campaign is a long-term, coordinated attack targeting the NPM (Node Package Manager) ecosystem. The campaign gets its name from the bizarre internal dictionary and distinctive naming scheme used across the malicious packages. What makes this threat particularly concerning is that the attackers took the time to craft an NPM campaign involving tens of thousands of packages, rather than a singular attack. Even worse, these threat actors have been staging this for over two years.
Because of the sheer volume of packages and data, I have created a GitHub repository that includes all the repositories and users’ data. That repo is: https://github.com/6mile/Indonesian-Foods-Worm
The Actors Behind the Attack
Security analysis has identified 55 NPM user accounts that appear to be part of this coordinated campaign. This number is sure to rise.
The table below lists each malicious NPM actor, the number of packages that actor deployed, and, in the third column, the file that delivers the payload (a question mark means the payload file has not yet been identified):
| NPM User | Number of Packages | Payload File |
|---|---|---|
| veyla | 5250 | auto.js |
| doaortu | 496 | auto.js |
| jarwok | 1821 | publishScript.js |
| noirdnv | 5250 | auto.js |
| vndra | 5250 | publishScript.js |
| voinza | 5250 | auto.js |
| yunina | 5250 | auto.js |
| sernaam.b.y | 4468 | ? |
| rudiox | 435 | ? |
| bipyruss | 5250 | index.js |
| vayza | 5244 | auto.js |
| seblakkuah | 2519 | auto.js |
| doelsumbing87 | 623 | ? |
| abbeey | 844 | ? |
| mraihannaufal | 31 | ? |
| rajhsinggg | 5250 | ? |
| miftaikyy | 1099 | ? |
| ryliefrey | 5250 | ? |
| akunsansan0 | 405 | ? |
| mizukiyakane | 2925 | ? |
| mipppp | 5250 | ? |
| mipta1 | 4668 | ? |
| mipta19 | 4524 | ? |
| miptaa02 | 3650 | ? |
| waifurs | 39 | ? |
| sonyamiaw | 5218 | ? |
| trevorali | 313 | ? |
| jazuli | 10 | ? |
Each of these accounts appears to have been created specifically to deploy these packages; they do not appear to be legitimate accounts that have been compromised.
Key Characteristics
The IndonesianFoods campaign exhibits several distinctive features that set it apart from typical NPM supply chain attacks:
- Long-term coordination: Unlike opportunistic attacks, this campaign shows signs of sustained, coordinated effort over an extended period
- Consistent naming patterns: The packages share naming conventions that suggest a unified strategy
- Bizarre internal dictionary: The malware uses an unusual set of terms and naming conventions internally, giving the campaign its distinctive identity
- Multiple actor accounts: The use of at least seven different user accounts helps distribute the attack and makes detection and removal more difficult
What does the payload do?
There are three types of packages in this campaign.
First, the majority of the packages involved include a tea.yaml file and not much else. This is the author’s way of monetising the Tea Protocol blockchain. This blockchain incentivises open-source projects, and by including the tea.yaml file, the authors are pretending to be legitimate open-source work.
Second, the next most common type is a package whose sole purpose is to ship a package.json manifest whose dependencies point at other packages in the spam campaign. You can see one of those manifest files to the right.
The third type is the rarest in this campaign and is the one with worm-like behaviour: its sole purpose is to create further NPM packages for the campaign. It does several things:
- Generates random package names using Indonesian names and food terms (like “andi-rendang23-breki”)
- Modifies package.json files to force packages to be public and assign random version numbers
- Publishes spam packages to NPM using the `npm publish` command
- Repeats continuously in an infinite loop, publishing a new spam package every 7 seconds
The result: This floods the NPM registry with junk packages, wastes infrastructure resources, pollutes search results, and creates supply chain risks if developers accidentally install these malicious packages. The malware disguises itself as a legitimate Next.js application to avoid detection.
Important note: While the payload doesn’t directly steal credentials or data, it weaponizes the NPM registry itself as an attack vector for widespread ecosystem pollution.
Implications for the JavaScript Ecosystem
This discovery highlights the ongoing challenges facing the NPM ecosystem and the broader JavaScript community. The coordinated nature of the attack suggests that threat actors are becoming more sophisticated in their approach to supply chain attacks.
Organizations and developers who rely on NPM packages should:
- Regularly audit their dependencies for suspicious packages
- Monitor for packages published by the identified malicious accounts
- Implement automated security scanning tools in their CI/CD pipelines
- Stay informed about emerging threats in the NPM ecosystem
- Consider using package lock files and dependency pinning to prevent automatic updates to compromised packages
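As an added example (not code from the original post, and not the campaign's own code), here is a small Node.js audit over a package-lock.json that applies two heuristics drawn from the payload description above and the audit advice in this list: the three-segment name shape seen in names like andi-rendang23-breki, and packages whose only role is to depend on other campaign packages. The regex, the sample lockfile and every package name in it are constructed assumptions for illustration, not indicators taken from the registry.

```javascript
// Added example: audit a package-lock.json (v2/v3 layout) for packages that
// look like IndonesianFoods spam. Heuristics are assumptions from the post:
//   1. name shaped like "<word>-<word><digits>-<word>" (e.g. andi-rendang23-breki)
//   2. a package whose dependencies all point at already-flagged packages
//      (the "manifest-only" package type that just links campaign packages)
const NAME_PATTERN = /^[a-z]+-[a-z]+\d+-[a-z]+$/; // structural heuristic only

function packageName(lockKey) {
  // "node_modules/a/node_modules/b" -> "b"; the root package ("") yields null
  const idx = lockKey.lastIndexOf("node_modules/");
  return idx === -1 ? null : lockKey.slice(idx + "node_modules/".length);
}

function auditLockfile(lock) {
  const deps = new Map(); // package name -> Set of its dependency names
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    const name = packageName(key);
    if (!name) continue;
    deps.set(name, new Set(Object.keys(entry.dependencies || {})));
  }
  const flagged = new Map(); // package name -> reason it was flagged
  for (const name of deps.keys()) {
    if (NAME_PATTERN.test(name)) flagged.set(name, "name matches campaign pattern");
  }
  // Propagate until stable: a package that only depends on flagged packages is suspect.
  let changed = true;
  while (changed) {
    changed = false;
    for (const [name, d] of deps) {
      if (flagged.has(name) || d.size === 0) continue;
      if ([...d].every((dep) => flagged.has(dep))) {
        flagged.set(name, "depends only on flagged packages");
        changed = true;
      }
    }
  }
  return flagged;
}

// Constructed sample lockfile (not real registry data); names are made up.
const SAMPLE_LOCK = {
  packages: {
    "": { dependencies: { express: "^4.0.0", "bundle-pkg": "1.0.0" } },
    "node_modules/express": { dependencies: {} },
    "node_modules/andi-rendang23-breki": { dependencies: {} },
    "node_modules/siti-sate7-keju": { dependencies: {} },
    "node_modules/bundle-pkg": { dependencies: { "andi-rendang23-breki": "1.0.0", "siti-sate7-keju": "1.0.0" } },
  },
};

for (const [name, reason] of auditLockfile(SAMPLE_LOCK)) console.log(`${name}: ${reason}`);
```

Run it against a real lockfile by replacing SAMPLE_LOCK with `JSON.parse(fs.readFileSync("package-lock.json"))`; treat hits as leads for manual review, since the name heuristic will also match unrelated three-segment names.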
Next Steps
The OSV team is working to add these packages to the OSV.dev database. Meanwhile, I am adding all 43,964 of these into the opensourcemalware.com database.
I’ll be updating this over the next several days. Stay tuned and thanks for reading!