A coordinated spam campaign known as the IndonesianFoods worm has infiltrated the npm ecosystem, introducing more than 43,000 malicious packages across at least eleven user accounts. This operation, which has gone undetected for nearly two years, accounts for more than one percent of the entire npm registry and highlights a significant security threat. The attack employs sophisticated tactics, such as clever naming schemes that combine Indonesian names with casual food terms to camouflage itself within legitimate packages.
Each malicious package mimics a legitimate Next.js project structure and contains hidden scripts designed to activate and proliferate through dependency chains. When a contaminated package is executed, it modifies package settings to avoid detection and recursively publishes additional spam packages. Developers installing just one of these packages risk inadvertently fetching and installing hundreds of related malicious packages, compounding the threat to their systems. Furthermore, the attackers exploit the TEA protocol to monetize their campaign through cryptocurrency rewards, illustrating the financial motivation behind this extensive operation.
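The two behaviours described above, install-time scripts and dependency fan-out, are what a defender can audit for before code runs. The following is an added example, not code from the article or from the reported packages: it walks a constructed set of package.json-style manifests, lists the packages that declare install hooks, and counts how many transitive packages a single root install would pull in.

```python
"""Audit npm-style manifests for install hooks and dependency fan-out.

Added illustration: the manifest data below is constructed, not taken
from any real package. A real audit would load package.json files from
node_modules or a lockfile in the same shape ({name: manifest}).
"""
from collections import deque

# Lifecycle scripts npm runs automatically when a dependency is installed.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")


def find_install_hooks(manifests):
    """Return {package: [hook names]} for packages that run code on install."""
    flagged = {}
    for name, manifest in manifests.items():
        hooks = [h for h in INSTALL_HOOKS if h in manifest.get("scripts", {})]
        if hooks:
            flagged[name] = hooks
    return flagged


def transitive_deps(manifests, root):
    """Breadth-first set of packages reachable from `root` (cycles tolerated)."""
    seen, queue = set(), deque([root])
    while queue:
        name = queue.popleft()
        if name in seen or name not in manifests:
            continue
        seen.add(name)
        queue.extend(manifests[name].get("dependencies", {}))
    seen.discard(root)
    return seen


def audit(manifests, root):
    """Summarise what installing `root` would execute and how much it drags in."""
    hooks = find_install_hooks(manifests)
    deps = transitive_deps(manifests, root)
    return {"transitive": len(deps),
            "hooked": sorted(d for d in deps if d in hooks)}


# Constructed sample: one app whose single spam dependency fans out into a
# self-referencing cluster, several members of which run scripts on install.
SAMPLE = {
    "my-app": {"dependencies": {"spam-a": "1.0.0", "react": "18.0.0"}},
    "react": {"dependencies": {}},
    "spam-a": {"scripts": {"postinstall": "node hidden.js"},
               "dependencies": {"spam-b": "1.0.0", "spam-c": "1.0.0"}},
    "spam-b": {"scripts": {"preinstall": "node hidden.js"},
               "dependencies": {"spam-c": "1.0.0", "spam-d": "1.0.0"}},
    "spam-c": {"dependencies": {"spam-a": "1.0.0"}},
    "spam-d": {"scripts": {"postinstall": "node hidden.js"}, "dependencies": {}},
}

if __name__ == "__main__":
    print(audit(SAMPLE, "my-app"))
```

Installing with `npm install --ignore-scripts` stops the hooks this audit flags from running, which is the cheapest mitigation for the activation step described above.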
👉 Read the original: Cyber Security News