❌

Normal view

IndonesianFoods Spam Campaign: 89 000 junk packages in npm

19 March 2026 at 06:48

What do the words bakso, sate, and rendang bring to mind? For many, the answer is β€œnothing”; foodies will recognize them as Indonesian staples; while those who follow cybersecurity news will remember an attack on the Node Package Manager (npm) ecosystem β€” the tool that lets developers use prebuilt libraries instead of writing every line of code from scratch.

In mid-November, security researcher Paul McCarty reported the discovery of a spam campaign aimed at cluttering the npm registry. Of course, meaningless packages have appeared in the registry before, but in this case, tens of thousands of modules were found with no useful function. Their sole purpose was to inject completely unnecessary dependencies into projects.

The package names featured randomly inserted Indonesian dish names and culinary terms such as bakso, sate, and rendang, which is how the campaign earned the moniker β€œIndonesianFoods”. The scale was impressive: at the time of discovery, approximately 86Β 000 packages had been identified.

Below, we dive into how this happened, and what the attackers were actually after.

Inside IndonesianFoods

At first glance, the IndonesianFoods packages didn’t look like obvious junk. They featured standard structures, valid configuration files, and even well-formatted documentation. According to researchers at Endor Labs, this camouflage allowed the packages to persist in the npm registry for nearly two years.

It’s not as if the attackers were aggressively trying to insert their creations into external projects. Instead, they simply flooded the ecosystem with legitimate-looking code, waiting for someone to make a typo or accidentally pick their library from search results. It’s a bit unclear exactly what you’d have to be searching for to mistake a package name for an Indonesian dish, but the original research notes that at least 11 projects somehow managed to include these packages in their builds.

A small portion of these junk packages had a self-replication mechanism baked in: once installed, they would create and publish new packages to the npm registry every seven seconds. These new modules featured random names (also related to Indonesian cuisine) and version numbers β€” all published, as you’d expect, using the victim’s credentials.

Other malicious packages integrated with the TEA blockchain platform. The TEA project was designed to reward open-source creators with tokens in proportion to the popularity and usage of their code β€” theoretically operating on a β€œProof of Contribution” model.

A significant portion of these packages contained no actual functionality at all, yet they often carried a dozen dependencies β€” which, as you might guess, pointed to other spam projects within the same campaign. Thus, if a victim mistakenly includes one of these malicious packages, it pulls in several others, some of which have their own dependencies. The result is a final project cluttered with a massive amount of redundant code.

What’s in it for the attackers?

There are two primary theories. The most obvious is that this entire elaborate spam campaign was designed to exploit the aforementioned TEA protocol. Essentially, without making any useful contribution to the open-source community, the attackers earn TEA tokens β€” which are standard digital assets that can be swapped for other cryptocurrencies on exchanges. By using a web of dependencies and self-replication mechanisms, the attackers pose as legitimate open-source developers to artificially inflate the significance and usage metrics of their packages. In the README files of certain packages, the attackers even boast about their earnings.

However, there’s a more chilling theory. For instance, researcher Garrett Calpouzos suggests that what we’re seeing is merely a proof of concept. The IndonesianFoods campaign could be road-testing a new malware delivery method intended to be sold later to other threat actors.

Why you don’t want junk in your projects

At first glance, the danger to software development organizations might not be obvious: sure, IndonesianFoods clutters the ecosystem, but it doesn’t seem to carry an immediate threat like ransomware or data breaches.Β  However, redundant dependencies bloat code and waste developers’ system resources. Furthermore, junk packages published under your organization’s name can take a serious toll on your reputation within the developer community.

We also can’t dismiss Calpouzos’s theory. If those spam packages pulled into your software receive an update that introduces truly malicious functionality, they could become a threat not just to your organization, but to your users as well β€” evolving into a full-blown supply chain attack.

How to safeguard your organization

Spam packages don’t just wander into a project on their own; installing them requires a lapse in judgment from a developer. Therefore, we recommend regularly raising awareness among employees β€” even the tech-savvy ones β€” about modern cyberthreats. Our interactive training platform, KASAP (Kaspersky Automated Security Awareness Platform), can help with that.

Additionally, you can prevent infection by using a specialized solution for protecting containerized environments. It scans images and third-party dependencies, integrates into the build process, and monitors containers during runtime.

If you want to learn more about supply chain attacks, we invite you to look at our analytical report Supply chain reaction: securing the global digital ecosystem in an age of interdependence. It’s based on insights from technical experts and reveals how often organizations face supply-chain and trusted-relationship risks, and how they perceive them.

Jetbrains Air is een ide die specifiek voor AI-agents bedoeld is

13 March 2026 at 20:44
JetBrains heeft een tool uitgebracht waarmee ontwikkelaars AI-agents kunnen gebruiken. Het gaat om een aparte ide die nu in preview beschikbaar is, die naast IntelliJ bestaat. Air werkt onder andere met ChatGPT Codex en Claude Agent.

Nvidia investeert 2 miljard dollar in Nederlandse aanbieder van AI-cloud

12 March 2026 at 08:39
Nvidia sluit een miljardenovereenkomst met het Nederlandse AI-cloudbedrijf Nebius. Het in Amsterdam gevestigde bedrijf krijgt een investering van 2 miljard dollar voor de bouw van zogeheten AI-fabrieken. Nebius wil eind 2030 meer dan 5 gigawatt aan Nvidia-hardware inzetten.

Reuters: SUSE gaat mogelijk in de verkoop voor ruim 5 miljard euro

11 March 2026 at 20:23
EQT wil opensourcebedrijf SUSE verkopen, meldt Reuters. Het investeringsfonds zou de verkoop van het opensourcesoftwarebedrijf onderzoeken. Naar verluidt mikt EQT op een waardering van 6 miljard dollar, omgerekend ruim 5 miljard euro.

'Apple stelt vernieuwde Siri met Google Gemini uit om gebrekkige prestaties'

12 February 2026 at 09:14
Apple zou ontwikkelproblemen hebben met de vernieuwde Siri op basis van Google Gemini. De langverwachte nieuwe uitvoering van de virtuele assistent voor Apple-apparaten loopt volgens bronnen van Apple-watcher Mark Gurman vertraging op naar iOS 26.5 en zelfs iOS 27.

Nvidia-ceo: AI maakt software niet overbodig

4 February 2026 at 11:59
Nvidia-ceo Jensen Huang verwacht dat AI-tools gangbare software en leveranciers daarvan niet zullen vervangen. Hij reageert op een plotse piek in de verkoop van aandelen in softwarebedrijven en IT-dienstverleners wereldwijd. Dit volgt op een recente update van Anthropics AI-bot Claude.

Apple voegt integratie van AI-codingagents toe aan softwareontwikkelpakket Xcode

3 February 2026 at 21:07
Versie 26.3 van Apples Xcode voegt AI-codingagents toe. Gebruikers kunnen dan onder meer OpenAI's Codex en Anthropics Claude Agent rechtstreeks code laten schrijven in Apples softwarepakket voor het ontwikkelen van iOS- en macOS-apps.

AI-socialemediaplatform Moltbook gaf toegang tot 35.000 e-mailadressen - update

2 February 2026 at 21:50
Moltbook, een sociaal platform voor AI-agents, bevatte een lek waarmee 35.000 e-mailadressen zichtbaar waren voor derden. Daarnaast lekte het platform 1,5 miljoen api-authenticatietokens en privΓ©berichten tussen AI-agents. Het probleem is inmiddels opgelost.

Microsofts winapp-tool kan ontwikkelomgevingen opzetten via de commandline

23 January 2026 at 14:09
Microsoft heeft een tool uitgebracht waarmee Windows-ontwikkelaars vanaf de commandline ontwikkeltaken kunnen uitvoeren. Winapp is bedoeld voor ontwikkelaars die met meerdere frameworks werken en geen ide's als Visual Studio gebruiken. De tool kan eenvoudig de benodigde sdk's downloaden of appmanifests bijwerken.

Curl stopt met bugbountyprogramma door 'AI-slop'

14 January 2026 at 21:32
De makers van de tool curl stoppen met het bugbountyprogramma door de grote stijging van het aantal rapportages die deels door AI gegenereerd zijn. Het doornemen van de rapportages kost veel tijd, terwijl er maar weinig daadwerkelijk kwetsbaarheden bevatten.

Microsoft dicht drie zerodays waarvan één actief werd misbruikt

14 January 2026 at 16:18
Microsoft heeft tijdens Patch Tuesday 114 kwetsbaarheden in Windows gepatcht, waaronder drie zerodays. Een van die zerodaykwetsbaarheden werd ook actief misbruikt. Verder heeft Microsoft acht kritieke kwetsbaarheden gedicht.

Exploit Development – A Sincere Form of Flattery

moth // Recently, BHIS penetration tester Dale Hobbs was on an Internal Network Penetration Test and came across an RPC-based arbitrary command execution vulnerability in his vulnerability scan results.Β  I […]

The post Exploit Development – A Sincere Form of Flattery appeared first on Black Hills Information Security, Inc..

Lawrence’s List 080516

By: BHIS
5 August 2016 at 18:38

Lawrence Hoffman // With BlackHat and DefCon happening as I type it’s hard to choose what’s going to make this list. I will probably save most of the big shiny […]

The post Lawrence’s List 080516 appeared first on Black Hills Information Security, Inc..

❌