IndonesianFoods Worm Publishes 86,000+ Malicious NPM Packages
NPM was flooded with junk packages that waste infrastructure resources, pollute search results, and create supply chain risks if developers accidentally consume them.
By c0a15726-c5b1-4b0d-85e6-fe15553df9e2
I've identified an NPM worm that has published over 86,500 malicious packages to the NPM registry, affecting at least sixty NPM users. This attack focuses on creating new packages rather than stealing credentials or engaging in other, more immediately malicious behaviours.
This attack more than doubles the known number of malicious NPM packages.
What is the IndonesianFoods Worm?
The IndonesianFoods worm is a long-term, coordinated attack targeting the NPM (Node Package Manager) ecosystem. The campaign gets its name from the bizarre internal dictionary and distinctive naming scheme used across the malicious packages. What makes this threat particularly concerning is that the attackers took the time to craft an NPM worm, rather than a singular attack. Even worse, these threat actors have been staging this for over two years.
Because of the sheer volume of packages and data, I have created a GitHub repository that includes all the repositories and users' data.
That repo is: https://github.com/6mile/Indonesian-Foods-Worm
The Actors Behind the Attack
Security analysis has identified 60 NPM user accounts that appear to be part of this coordinated campaign:
Identified NPM Users

| NPM User | Number of Packages | Payload File |
|---|---|---|
| veyla | 5250 | auto.js |
| doaortu | 496 | auto.js |
| jarwok | 1821 | publishScript.js |
| noirdnv | 5250 | auto.js |
| vndra | 5250 | publishScript.js |
| voinza | 5250 | auto.js |
| yunina | 5250 | auto.js |
| sernaam.b.y | 4468 | ? |
| rudiox | 435 | ? |
| bipyruss | 5250 | index.js |
| vayza | 5244 | auto.js |
| seblakkuah | 2519 | auto.js |
| doelsumbing87 | 623 | ? |
| abbeey | 844 | ? |
| mraihannaufal | 31 | ? |
| rajhsinggg | 5250 | ? |
| miftaikyy | 1099 | ? |
| ryliefrey | 5250 | ? |
| akunsansan0 | 405 | ? |
| mizukiyakane | 2925 | ? |
| mipppp | 5250 | ? |
| mipta1 | 4668 | ? |
| mipta19 | 4524 | ? |
| miptaa02 | 3650 | ? |
| waifurs | 39 | ? |
| sonyamiaw | 5218 | ? |
| trevorali | 313 | ? |
| jazuli | 10 | ? |
Each of these accounts appears to have been created specifically to deploy these packages; none of them appears to be a legitimate account that has been compromised. In the table above I have omitted any NPM user with fewer than ten packages, of which there are many.
Total Impact
Total Users: 60 (users with fewer than ten packages are not listed above)
Total Packages: 86583 (minimum identified)
Key Characteristics
The IndonesianFoods campaign exhibits several distinctive features that set it apart from typical NPM supply chain attacks:
Long-term coordination: Unlike opportunistic attacks, this campaign shows signs of sustained, coordinated effort over an extended period
Consistent naming patterns: The packages share naming conventions that suggest a unified strategy
Bizarre internal dictionary: The malware uses an unusual set of terms and naming conventions internally, giving the campaign its distinctive identity
Multiple actor accounts: The use of at least eleven different user accounts helps distribute the attack and makes detection and removal more difficult
What Does the Payload Do?
The IndonesianFoods malware performs a simple but damaging automated attack:
Generates random package names using Indonesian names and food terms (like "andi-rendang23-breki")
Modifies package.json files to force packages to be public and assign random version numbers
Publishes spam packages to NPM using the npm publish command
Repeats continuously in an infinite loop, publishing a new spam package every 7 seconds
The result: This floods the NPM registry with junk packages, wastes infrastructure resources, pollutes search results, and creates supply chain risks if developers accidentally install these malicious packages. The malware disguises itself as a legitimate Next.js application to avoid detection.
Tea Protocol Blockchain
The IndonesianFoods worm exploits the TEA Protocol's incentive mechanism through a sophisticated registry manipulation attack. By injecting tea.yaml manifests into thousands of algorithmically-generated NPM packages and establishing circular dependency graphs between them, the threat actors artificially inflated their TEA impact scores—a metric that determines token reward distribution based on perceived ecosystem contribution. This registry pollution campaign effectively gamed the TEA reward algorithm, allowing the attackers to extract financial value from worthless packages. Evidence of successful monetization exists within the package metadata itself: at least one README explicitly documents TEA token earnings, confirming the economic motivation driving this large-scale supply chain attack. Attribution analysis indicates some of the maintainers are Indonesian software engineers and crypto enthusiasts. This is consistent with the Indonesian comments and language used throughout the packages as well as the cultural naming conventions used in the malware's package generation algorithm.
Important note: While the payload doesn't directly steal credentials or data, it weaponizes the NPM registry itself as an attack vector for widespread ecosystem pollution.
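The TEA-score inflation described above has a recognisable shape: a set of packages that all carry a tea.yaml manifest and that depend on each other in a cycle. The following Node.js script is an added example, not code from the original post or from the worm; it finds such clusters with Tarjan's strongly-connected-components algorithm over a constructed dependency graph. The package names other than andi-rendang23-breki, the hasTeaManifest flags and the dependency edges are all constructed sample data, and the graph shape (name → { hasTeaManifest, dependencies }) is an assumed input format you would populate from package metadata.

```javascript
// Added example (not from the original post): find clusters of packages that
// both ship a tea.yaml manifest and depend on each other in a cycle, the shape
// of the TEA impact-score inflation described in the post.
// All package data below is constructed sample data, not real registry data.

// Tarjan's strongly connected components. Every SCC with more than one member
// (or a package that depends on itself) is a dependency cycle.
function stronglyConnectedComponents(graph) {
  let index = 0;
  const stack = [];
  const onStack = new Set();
  const indices = new Map();
  const lowlink = new Map();
  const components = [];

  function visit(node) {
    indices.set(node, index);
    lowlink.set(node, index);
    index += 1;
    stack.push(node);
    onStack.add(node);
    for (const dep of graph[node].dependencies) {
      if (!(dep in graph)) continue; // external dependency, not part of this graph
      if (!indices.has(dep)) {
        visit(dep);
        lowlink.set(node, Math.min(lowlink.get(node), lowlink.get(dep)));
      } else if (onStack.has(dep)) {
        lowlink.set(node, Math.min(lowlink.get(node), indices.get(dep)));
      }
    }
    if (lowlink.get(node) === indices.get(node)) {
      const component = [];
      let member;
      do {
        member = stack.pop();
        onStack.delete(member);
        component.push(member);
      } while (member !== node);
      components.push(component.sort());
    }
  }

  for (const node of Object.keys(graph)) {
    if (!indices.has(node)) visit(node);
  }
  return components;
}

// Cyclic clusters in which every member carries a tea.yaml manifest.
function findTeaCycleClusters(graph) {
  return stronglyConnectedComponents(graph)
    .filter((scc) => scc.length > 1 || graph[scc[0]].dependencies.includes(scc[0]))
    .filter((scc) => scc.every((name) => graph[name].hasTeaManifest))
    .sort((a, b) => a[0].localeCompare(b[0]));
}

// Constructed sample: three spam packages in a cycle (all with tea.yaml), one
// spam package with tea.yaml but no cycle, and a benign cycle without tea.yaml.
const SAMPLE_GRAPH = {
  'andi-rendang23-breki': { hasTeaManifest: true, dependencies: ['sample-spam-b'] },
  'sample-spam-b': { hasTeaManifest: true, dependencies: ['sample-spam-c'] },
  'sample-spam-c': { hasTeaManifest: true, dependencies: ['andi-rendang23-breki', 'sample-external'] },
  'sample-spam-d': { hasTeaManifest: true, dependencies: [] },
  'sample-app': { hasTeaManifest: false, dependencies: ['sample-lib'] },
  'sample-lib': { hasTeaManifest: false, dependencies: ['sample-app'] },
};

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(findTeaCycleClusters(SAMPLE_GRAPH), null, 2));
}
```

Run with `node tea-cycles.js`; only the three-package tea.yaml cycle is reported, while the benign sample-app/sample-lib cycle and the isolated sample-spam-d are not. Requiring a cycle and a manifest together keeps ordinary circular dependencies (which do occur in real projects) out of the findings.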
Implications for the JavaScript Ecosystem
This discovery highlights the ongoing challenges facing the NPM ecosystem and the broader JavaScript community. The coordinated nature of the attack suggests that threat actors are becoming more sophisticated in their approach to supply chain attacks.
Organizations and developers who rely on NPM packages should:
Regularly audit their dependencies for suspicious packages
Monitor for packages published by the identified malicious accounts
Implement automated security scanning tools in their CI/CD pipelines
Stay informed about emerging threats in the NPM ecosystem
Consider using package lock files and dependency pinning to prevent automatic updates to compromised packages
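To make the first two recommendations concrete, and to show how the naming scheme described under "What Does the Payload Do?" can be turned into a detection, here is an added Node.js audit script that is not part of the original post. It walks a package-lock.json (lockfileVersion 2/3 "packages" map) and flags dependencies whose names follow the "<name>-<food><digits>-<suffix>" scheme or whose maintainers are among the accounts listed above. The lockfile and the registry index are constructed sample data; the food and name word lists are a small illustrative sample, not the worm's dictionary; and budi-bakso7-nusa, sample-util and the other sample-* names are constructed. The publisher set is taken from the post's table.

```javascript
// Added example (not from the original post): audit a package-lock.json for
// dependencies matching the IndonesianFoods naming scheme or published by one
// of the NPM accounts listed in the post. Sample data below is constructed.

// The post gives the scheme "<indonesian name>-<food term><digits>-<suffix>",
// e.g. andi-rendang23-breki. These word lists are an assumed small sample.
const FOOD_TERMS = new Set(['rendang', 'sate', 'bakso', 'seblak', 'gudeg']);
const NAME_TERMS = new Set(['andi', 'budi', 'siti', 'dewi', 'rudi']);
const NAME_PATTERN = /^([a-z]+)-([a-z]+)(\d+)-([a-z]+)$/;

// Publisher accounts from the post's table (the full list is in the linked repo).
const SUSPECT_PUBLISHERS = new Set([
  'veyla', 'doaortu', 'jarwok', 'noirdnv', 'vndra', 'voinza', 'yunina',
  'bipyruss', 'vayza', 'seblakkuah',
]);

// Returns a human-readable reason if the name fits the scheme, else null.
function namingSchemeReason(pkgName) {
  const m = NAME_PATTERN.exec(pkgName);
  if (!m) return null;
  const [, first, food] = m;
  const hits = [];
  if (NAME_TERMS.has(first)) hits.push(`first token "${first}" is a known name term`);
  if (FOOD_TERMS.has(food)) hits.push(`middle token "${food}" is a known food term`);
  return hits.length ? hits.join('; ') : null;
}

// Keys in the "packages" map look like "node_modules/<name>" or
// "node_modules/<a>/node_modules/<name>"; scoped names keep their "@scope/".
function lockfilePackageNames(lock) {
  const names = new Set();
  for (const key of Object.keys(lock.packages ?? {})) {
    if (key === '') continue; // the root project entry
    const idx = key.lastIndexOf('node_modules/');
    names.add(key.slice(idx + 'node_modules/'.length));
  }
  return [...names].sort();
}

// registryIndex maps package name -> { maintainers: [usernames] }; populate it
// from `npm view <name> maintainers --json` in real use.
function auditLockfile(lock, registryIndex) {
  const findings = [];
  for (const name of lockfilePackageNames(lock)) {
    const reasons = [];
    const reason = namingSchemeReason(name);
    if (reason) reasons.push(`name matches IndonesianFoods scheme (${reason})`);
    const maintainers = registryIndex[name]?.maintainers ?? [];
    const suspect = maintainers.filter((u) => SUSPECT_PUBLISHERS.has(u));
    if (suspect.length) reasons.push(`maintained by suspect account(s): ${suspect.join(', ')}`);
    if (reasons.length) findings.push({ name, reasons });
  }
  return findings;
}

// Constructed sample lockfile and registry metadata.
const SAMPLE_LOCK = {
  name: 'sample-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-app' },
    'node_modules/sample-http-lib': { version: '1.0.0' },
    'node_modules/andi-rendang23-breki': { version: '3.7.1' },
    'node_modules/sample-http-lib/node_modules/sample-util': { version: '2.0.0' },
    'node_modules/budi-bakso7-nusa': { version: '0.4.2' },
  },
};
const SAMPLE_REGISTRY_INDEX = {
  'sample-http-lib': { maintainers: ['sample-maintainer'] },
  'andi-rendang23-breki': { maintainers: ['veyla'] },
  'sample-util': { maintainers: ['veyla'] }, // innocuous name, suspect publisher
  'budi-bakso7-nusa': { maintainers: ['other-account'] },
};

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK, SAMPLE_REGISTRY_INDEX), null, 2));
}
```

On the sample data this reports andi-rendang23-breki (name and publisher), budi-bakso7-nusa (name only) and sample-util (publisher only), and leaves sample-http-lib alone. The two signals are kept separate because the worm's generated names are easy to spot but the same accounts may also publish packages with ordinary-looking names, as the payload file names in the table (auto.js, index.js) suggest.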
Next Steps
The OSV team is working to add these packages to the OSV.dev database. Meanwhile, I am adding all 86,500 of these into the opensourcemalware.com database.
Stay tuned for updates and thanks for reading!