IndonesianFoods: The Worm That’s Wreaking Havoc on npm and Created 100,000 Packages


Redazione RHC : 15 November 2025 08:43

A self-propagating worm, named IndonesianFoods, has been discovered in npm. It generates new packages every seven seconds. According to Sonatype, the malware has already created over 100,000 packages, and this number continues to grow.

The worm takes its name from the way it randomly assigns package names related to Indonesian dishes. Although the packages created by the worm currently contain no malicious functionality (such as data theft or hidden backdoors), this could easily change with an update that adds whatever payload the attackers seek.

Researchers warn that the level of automation and the scope of this attack create the potential for a large-scale supply chain compromise. One of the first to notice the malicious campaign was security researcher Paul McCarty, who created a dedicated page to track the npm users associated with the worm and the number of packages they published.

Meanwhile, Sonatype analysts report that the same attackers attempted to launch an attack on September 10, 2025, using the fajar-donat9-breki package. Although it contained the same self-replication logic, it failed to spread. Experts believe that IndonesianFoods is not targeting developers’ computers; instead, they believe the worm aims to overload the ecosystem and disrupt the world’s largest software supply chain.

“This attack has compromised numerous security systems, demonstrating unprecedented scale,” the company said. “Amazon Inspector flags such packages via OSV alerts, triggering a huge wave of vulnerability reports. The Sonatype database alone recorded 72,000 new bulletins in a single day.”

However, according to Endor Labs, some IndonesianFoods packages contain tea.yaml files with crypto wallet accounts and addresses, thereby abusing the TEA protocol, a blockchain platform that pays open-source developers in tokens. The scheme is simple: the more packages there are and the higher their impact score, the more tokens can be obtained. It is believed that the attackers could have created thousands of interconnected packages to accumulate tokens.

Researchers report that the worm resides in a single JavaScript file (auto.js or publishScript.js) within each package. However, it doesn’t activate automatically and has no automatic installation triggers or post-installation hooks; node auto.js must be run manually. It’s unclear who manually launched this file, but the tens of thousands of packages containing IndonesianFoods indicate that either multiple victims opened the file for some reason, or the attackers did so themselves.

Endor Labs says it has found no evidence of large-scale social engineering activity accompanying this campaign. However, the malware code may be designed for scenarios where users are tricked (for example, through fake tutorials) into running node auto.js to complete the setup.

Once activated, the script runs in an infinite loop: it removes “private”: true from package.json, generates a random name from a dictionary, creates a random version number (to circumvent npm’s duplicate detection), and publishes a new package via npm publish. The cycle repeats continuously, with a new package appearing every 7–10 seconds.
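A defender-side check for the package layout described in the paragraphs above (a publisher script named auto.js or publishScript.js that calls npm publish in a loop, plus a tea.yaml reward manifest), added here as an example and not code from the article or from any of the researchers it cites. It only reads files and never executes them; the package names and file contents in the fixture are constructed.

```python
import os
import re
import tempfile

# Heuristics drawn only from the behaviour described in the article; the
# script is read as text, never run, so scanning is safe on a quarantined tree.
PUBLISHER_SCRIPTS = ("auto.js", "publishScript.js")
PUBLISH_RE = re.compile(r"npm\s+publish")
LOOP_RE = re.compile(r"while\s*\(\s*true\s*\)|for\s*\(\s*;\s*;\s*\)|setInterval\s*\(")

def scan_package(pkg_dir):
    """Return the indicators found in one unpacked package directory."""
    findings = []
    for name in PUBLISHER_SCRIPTS:
        path = os.path.join(pkg_dir, name)
        if not os.path.isfile(path):
            continue
        with open(path, encoding="utf-8", errors="replace") as fh:
            src = fh.read()
        if PUBLISH_RE.search(src):
            findings.append(f"{name}: calls npm publish")
            if LOOP_RE.search(src):
                findings.append(f"{name}: npm publish alongside an endless loop")
    if os.path.isfile(os.path.join(pkg_dir, "tea.yaml")):
        findings.append("tea.yaml: TEA protocol reward manifest present")
    return findings

def scan_tree(root):
    """Scan every package directory directly under root (e.g. node_modules)."""
    report = {}
    for entry in sorted(os.listdir(root)):
        hits = scan_package(os.path.join(root, entry))
        if hits:
            report[entry] = hits
    return report

def build_sample_tree():
    """Constructed fixture: one directory mimicking the described layout, one benign."""
    root = tempfile.mkdtemp()
    files = {  # constructed package names, not real npm packages
        "sample-wormlike-pkg/auto.js": "while (true) { execSync('npm publish'); }\n",
        "sample-wormlike-pkg/tea.yaml": "version: 1.0.0\n",
        "sample-benign-pkg/package.json": '{"name": "sample-benign-pkg"}\n',
    }
    for rel, text in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
    return root
```

Scoped packages (@scope/name) live one level deeper than this walks; point scan_tree at the scope directory to cover them.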

“The repository fills up with junk, the infrastructure wastes resources, search results become polluted, and if someone accidentally installs the package, supply chain risks arise,” McCarty writes. Interestingly, according to Endor Labs, this spam campaign began two years ago: in 2023, the attackers added 43,000 packages to npm, in 2024 they implemented monetization via TEA, and in 2025 they added self-replication to this scheme, turning IndonesianFoods into a worm.

IndonesianFoods isn’t the first worm to hit the headlines recently. The GlassWorm worm was recently discovered in OpenVSX and the Visual Studio Code Marketplace, while the Shai-Hulud worm compromised hundreds of npm packages.

Sonatype analysts warn that these simple yet effective malware campaigns create the ideal conditions for attackers to silently introduce more serious malware into open source ecosystems.

Redazione RHC
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
