Threat Intelligence, DevOps, Supply chain

IndonesianFoods worm: a massive spam campaign in the npm ecosystem

Security researchers have discovered a significant spam campaign in the npm ecosystem, known as the IndonesianFoods worm, that is flooding the registry with junk packages, The Cyber Express reports.

The IndonesianFoods worm has been operating for over two years and has published over 43,000 spam packages across multiple accounts, aiming to pollute the npm registry rather than steal data. Its naming scheme, which combines Indonesian names and food terms, makes the campaign distinctive. The operation disrupts developers and search results, exploiting npm's open publishing model to overwhelm the registry with automated spam.

The IndonesianFoods worm highlights the evolving nature of spam campaigns in software supply chains, which lean on automation and persistence to avoid detection.

Source: The Cyber Express
