A threat actor has created over 80,000 malicious NPM packages containing a self-replicating worm, flooding the registry with spam and junk packages. This campaign, named Big Red, disguises itself as legitimate software while potentially setting the stage for future malicious payloads. #NPM #IndonesianFoodsWorm
Key points
- The threat actor publishes tens of thousands of malicious NPM packages using automated processes.
- The code replicates itself, generating new packages every 7 seconds to flood the registry.
- The packages mimic legitimate applications like Next.js to avoid detection.
- The campaign uses Indonesian names, foods, and random attributes in package metadata.
- Potential future attacks may leverage this infrastructure to deliver malicious payloads.
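A defender's view of the pattern described in the key points above, as an added example that is not part of the original report: the worm is said to publish a new package roughly every 7 seconds, so a registry feed can be scanned for maintainers whose publish cadence is that regular and that fast, and a package manifest can be checked for a lifecycle script that would let a package publish further packages on install. The feed records, package names and maintainer handles below are constructed placeholders, not indicators from the campaign; the thresholds and the lifecycle-script heuristic are assumptions chosen for illustration.

```python
"""Flag automated burst publishing and self-publishing install hooks.

Added example, not code from the original article. It ingests a constructed
registry feed of (package, maintainer, publish time) records and a constructed
package.json, then applies two defensive heuristics that follow from the
behaviour described in the report: near-constant, very short publish intervals
per maintainer, and install-time scripts that invoke the publish command.
"""
import json
from collections import defaultdict
from datetime import datetime, timezone
from statistics import median

# Constructed sample feed. Names and maintainers are invented placeholders.
SAMPLE_FEED = [
    ("pkg-a-0001", "burst-user", "2025-11-10T08:00:00Z"),
    ("pkg-a-0002", "burst-user", "2025-11-10T08:00:07Z"),
    ("pkg-a-0003", "burst-user", "2025-11-10T08:00:14Z"),
    ("pkg-a-0004", "burst-user", "2025-11-10T08:00:21Z"),
    ("pkg-a-0005", "burst-user", "2025-11-10T08:00:28Z"),
    ("pkg-a-0006", "burst-user", "2025-11-10T08:00:35Z"),
    ("real-lib", "human-dev", "2025-11-10T08:00:00Z"),
    ("real-lib-cli", "human-dev", "2025-11-12T15:30:00Z"),
]

# Constructed package.json text; the postinstall line is the assumed indicator.
SAMPLE_MANIFEST = json.dumps({
    "name": "pkg-a-0001",
    "version": "1.0.0",
    "scripts": {"postinstall": "node spread.js && npm publish --access public"},
})

LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def parse_ts(ts: str) -> datetime:
    """Parse the ISO-8601 'Z' timestamps used in the constructed feed."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def flag_burst_publishers(feed, min_packages=5, max_median_gap_s=30.0):
    """Return {maintainer: stats} for accounts publishing in a tight, regular burst.

    A maintainer is flagged when they have at least `min_packages` records and
    the median gap between consecutive publishes is at most `max_median_gap_s`.
    The median resists a single long pause, so a bot that briefly stalls is
    still caught; thresholds are assumptions, tune them to your feed volume.
    """
    by_author = defaultdict(list)
    for _name, author, ts in feed:
        by_author[author].append(parse_ts(ts))

    flagged = {}
    for author, times in by_author.items():
        if len(times) < min_packages:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        med = median(gaps)
        if med <= max_median_gap_s:
            flagged[author] = {"count": len(times), "median_gap_s": med}
    return flagged


def find_self_publishing_hooks(manifest_text: str):
    """Return the lifecycle hooks whose command contains 'npm publish'.

    Assumed heuristic: a package that publishes on install is a candidate for
    self-replication and should be quarantined for review before use.
    """
    scripts = json.loads(manifest_text).get("scripts", {})
    return sorted(
        hook for hook in LIFECYCLE_HOOKS
        if "npm publish" in scripts.get(hook, "")
    )


if __name__ == "__main__":
    print(flag_burst_publishers(SAMPLE_FEED))
    print(find_self_publishing_hooks(SAMPLE_MANIFEST))
```

In practice the feed would come from the registry's changes stream or a mirror; the point of the two checks is that neither depends on knowing the campaign's package names, which change every few seconds, but on the publishing behaviour the report describes.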