Cybersecurity researchers have uncovered the IndonesianFoods worm, a large-scale spam campaign flooding the npm registry with fake packages. This persistent attack leverages automated publishing to disrupt the ecosystem and damage trust in open-source platforms.
Key points
- The IndonesianFoods worm has published over 43,000 spam packages across 11 npm accounts over two years.
- The campaign focuses on polluting npm with junk packages rather than stealing data or credentials.
- The malicious packages are named using Indonesian personal names and food terms, giving the worm its unique identity.
- The attack process involves continuous publication every seven seconds, creating an ongoing flood of spam.
- This campaign demonstrates the risks of automation and persistence in modern software supply chain attacks.
Read More: https://thecyberexpress.com/indonesianfoods-worm-npm-spam-campaign/