{"id":5825,"date":"2025-11-15T01:47:38","date_gmt":"2025-11-15T01:47:38","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=5825"},"modified":"2025-11-15T01:47:38","modified_gmt":"2025-11-15T01:47:38","slug":"spam-flooding-npm-registry-with-token-stealers-still-isnt-under-control","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=5825","title":{"rendered":"Spam flooding npm registry with token stealers still isn\u2019t under control"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>A coordinated token farming campaign continues to flood the open source npm registry, with tens of thousands of infected packages created almost daily to steal tokens from unsuspecting developers using the Tea Protocol to reward coding work.<\/p>\n<p>On Thursday, <a href=\"https:\/\/aws.amazon.com\/blogs\/security\/amazon-inspector-detects-over-150000-malicious-packages-linked-to-token-farming-campaign\/\">researchers at Amazon said<\/a> there were over 150,000 packages in the campaign. 
But in an interview on Friday, an executive at software supply chain management provider Sonatype, which wrote about the campaign in April 2024, told <em>CSO<\/em> that number has now grown to 153,000.<\/p>\n<p>And while this payload merely steals tokens, other threat actors are paying attention, said Sonatype CTO Brian Fox.<\/p>\n<p><a href=\"https:\/\/www.sonatype.com\/blog\/devs-flood-npm-with-10000-packages-to-reward-themselves-with-tea-tokens\">When Sonatype wrote about the campaign just over a year ago<\/a>, it found a mere 15,000 packages that appeared to come from a single person.<\/p>\n<p>With the swollen numbers reported this week, Amazon researchers wrote that it\u2019s \u201cone of the largest package flooding incidents in open source registry history, and represents a defining moment in supply chain security.\u201d<\/p>\n<p>This campaign is just the latest way threat actors are taking advantage of security holes in a number of open source repositories, which runs the risk of damaging the reputation of sites like npm, PyPI and others.<\/p>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/4081492\/modern-supply-chain-attacks-and-their-real-world-impact.html\"><strong>Related content: Supply chain attacks and their consequences<\/strong><\/a><\/p>\n<p>\u201cThe malware infestation in open-source repositories is a full-blown crisis, out of control and dangerously eroding trust in the open-source upstream supply chain,\u201d said <a href=\"https:\/\/www.linkedin.com\/in\/draidman\/\" target=\"_blank\" rel=\"noopener\">Dmitry Raidman<\/a>, CTO of Cybeats, which makes a software bill of materials solution.<\/p>\n<p>As evidence, he pointed to <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/09\/23\/widespread-supply-chain-compromise-impacting-npm-ecosystem\">the Shai\u2011Hulud worm\u2019s rapid exploitation<\/a> of the npm ecosystem, which shows how quickly attackers can hijack developer tokens, corrupt packages, and propagate laterally across 
the entire dependency ecosystem. \u201cWhat began as a single compromise explodes in a few hours, leaving the whole ecosystem and every downstream project in the industry at risk in a matter of days, regardless of whether it is open source or commercial.\u201d<\/p>\n<p>This past September, Raidman <a href=\"https:\/\/www.cybeats.com\/blog\/the-alarming-acceleration-of-supply-chain-attacks-from-nx-to-qix-in-just-13-days\">wrote about the compromise of the Nx build system<\/a> after threat actors pushed malicious versions of the package into npm. Within hours, he wrote, developers around the world were unknowingly pulling in code that stole SSH keys, authentication tokens, and cryptocurrency wallets.<\/p>\n<p>These and more recent large scale uploads of malicious packages into open source repositories are \u201cjust the beginning,\u201d he warned, unless developers and repository maintainers improve security.<\/p>\n<p>The Amazon and Sonatype reports aren\u2019t the first to detect this campaign. Australian researcher <a href=\"https:\/\/melbourne2024.cyberconference.com.au\/speakers\/paul-mccarty-ebbdx\" target=\"_blank\" rel=\"noopener\">Paul McCarty<\/a> of SourceCodeRed confirmed to us that this is the spam he dubbed \u2018IndonesianFoods\u2019 <a href=\"https:\/\/sourcecodered.com\/indonesianfoods-npm-worm\/\">in a blog this week.<\/a><\/p>\n<h2 class=\"wp-block-heading\">The Tea Protocol<\/h2>\n<p>The Tea Protocol is a blockchain-based platform that gives open-source developers and package maintainers tokens called Tea as rewards for their software work. These tokens are also supposed to help secure the software supply chain and enable decentralized governance across the network, <a href=\"https:\/\/tea.xyz\/\">say its creators on their website.<\/a><\/p>\n<p>Developers put Tea code that links to the blockchain in their apps; the more an app is downloaded, the more Tea tokens they get, which can then be cashed in through a fund. 
The spam scheme is an attempt to make the blockchain think apps created by the threat actors are highly popular and therefore earn a lot of tokens.<\/p>\n<p>At the moment, the tokens have no value. But it is suspected that the threat actors are positioning themselves to receive real cryptocurrency tokens when the Tea Protocol launches its Mainnet, where Tea tokens will have actual monetary value and can be traded.<\/p>\n<p>For now, says Sonatype\u2019s Fox, the scheme wastes the time of npm administrators, who are trying to expel over 100,000 packages. But Fox and Amazon point out the scheme could inspire others to take advantage of other reward-based systems for financial gain, or to deliver malware.<\/p>\n<h2 class=\"wp-block-heading\">What IT leaders and developers should do<\/h2>\n<p>To lower the odds of abuse, open source repositories should tighten their access control, limiting the number of users who can upload code, said Raidman of Cybeats. That includes the use of multi-factor authentication in case login credentials of developers are stolen, he said, and adding digital signing capabilities to uploaded code to authenticate the author.<\/p>\n<p>IT leaders should insist all code their firm uses has a software bill of materials (SBOM), so security teams can see the components. They also need to insist developers know the versions of the open source code they include in their apps, and confirm only approved and safe versions are being used and not automatically changed just because a new version is downloaded from a repository.<\/p>\n<p>Sonatype\u2019s Fox said IT leaders need to buy tools that can intercept and block malicious downloads from repositories. 
Antivirus software is useless here, he said, because malicious code uploaded to repositories won\u2019t contain the signatures that AV tools are supposed to detect.<\/p>\n<p>In response to emailed questions, the authors of the Amazon blog, researchers\u00a0Chi Tran\u00a0and\u00a0Charlie Bacon, said open source repositories need to deploy advanced detection systems to identify suspicious patterns like malicious configuration files, minimal or cloned code, predictable code naming schemes and circular dependency chains.<\/p>\n<p>\u201cEqually important,\u201d they add, \u201cis monitoring package publishing velocity, since automated tools create at speeds no human developer could match. In addition, enhanced author validation and accountability measures are crucial for prevention. This includes implementing stronger identity verification for new accounts, monitoring for coordinated publishing activity across multiple developer accounts, as seen in this campaign, and applying \u2018guilt by association\u2019 principles where packages from accounts linked to malicious activity receive heightened scrutiny. Repositories should also track behavioral patterns like rapid account creation followed by mass package publishing, which are hallmarks of automated abuse.\u201d<\/p>\n<p>CISOs discovering these packages in their environments \u201cface an uncomfortable reality,\u201d the Amazon authors add: \u201cTheir current security controls had failed to detect a coordinated supply chain attack.\u201d<\/p>\n<p>SourceCodeRed\u2019s McCarty said IT leaders need to protect developers\u2019 laptops, as well as their automated continuous\u00a0integration and delivery pipelines (CI\/CD).\u00a0Traditional security tools like EDR and SCA don\u2019t scan for malware, he warned. \u201cThe number of people that buy Snyk thinking it does this is huge,\u201d he said.\u00a0<\/p>\n<p>McCarty has created two open source malware scanning tools. 
One,\u00a0<a href=\"https:\/\/opensourcemalware.com\/\">opensourcemalware.com<\/a>, is an open database of malicious content like npm packages.\u00a0It can be checked to see if a package being used is malicious.\u00a0The second is the automated open-source\u00a0<a href=\"https:\/\/github.com\/6mile\/MALOSS\">MALOSS<\/a>\u00a0tool, which is effectively a scanner that checks\u00a0opensourcemalware.com\u00a0and other sources automatically.\u00a0MALOSS can be used in a CI\/CD pipeline or on a local workstation.<\/p>\n<p>He also recommends the use of a commercial or open source package firewall, which effectively allows a developer to only install approved packages.\u00a0<\/p>\n<p>\u201cThe enterprise has more options than I think they realize,\u201d he told CSO. \u201cThey just often don\u2019t realize that there are tools and solutions to address this risk.\u00a0 Maturity is really low in this space.\u201d<\/p>\n<p><em>This article originally appeared on <a href=\"https:\/\/www.infoworld.com\/article\/4090561\/worm-flooding-npm-registry-with-token-stealers-still-isnt-under-control.html\" target=\"_blank\" rel=\"noopener\">InfoWorld<\/a>.<\/em><\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>A coordinated token farming campaign continues to flood the open source npm registry, with tens of thousands of infected packages created almost daily to steal tokens from unsuspecting developers using the Tea Protocol to reward coding work. On Thursday, researchers at Amazon said there were over 150,000 packages in the campaign. 
But in an interview [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":5826,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-5825","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5825"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5825"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5825\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/5826"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5825"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5825"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5825"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}