Original Article Text

Crims poison 150K+ npm packages with token-farming malware

Amazon spilled the TEA

Yet another supply chain attack has hit the npm registry in what Amazon describes as "one of the largest package flooding incidents in open source registry history" - but with a twist. Instead of injecting credential-stealing code or ransomware into the packages, this one is a token farming campaign.

Amazon Inspector security researchers, using a new detection rule and AI assistance, originally spotted the suspicious npm packages in late October, and by November 7 the team had flagged thousands. By November 12, they had uncovered more than 150,000 malicious packages across "multiple" developer accounts. These were all linked to a coordinated tea.xyz token farming campaign, we're told. tea.xyz is a decentralized protocol designed to reward open-source developers for their contributions using the TEA token, a utility asset used within the tea ecosystem for incentives, staking, and governance.

Unlike the spate of package poisoning incidents over recent months, this one didn't inject traditional malware into the open source code. Instead, the miscreants built a self-replicating attack: the packages carried code that automatically generates and publishes further packages, earning cryptocurrency rewards on the backs of legitimate open source developers. The packages also included tea.yaml files that linked them to attacker-controlled blockchain wallet addresses. Meanwhile, users had no idea they were unwittingly padding the attackers' wallets.

"This incident demonstrates both the evolving nature of threats where financial incentives drive registry pollution at unprecedented scale, and the critical importance of industry-community collaboration in defending the software supply chain," AWS researchers Chi Tran and Charlie Bacon said in a security blog about the token farming campaign.

The cloud giant coordinated with the Open Source Security Foundation (OpenSSF) on a response, submitting newly discovered malicious packages to the OpenSSF malicious packages repository, with each package on average receiving a MAL-ID within 30 minutes.

Despite not using secret-stealing or other malware, this campaign poses several risks, according to Tran and Bacon. These include flooding the npm registry with low-quality, non-functional packages that erode trust in the open source community - which is already fighting a constant (and unpaid) battle to secure registries that underpin critical infrastructure. Additionally, registry infrastructure, bandwidth, and storage are consumed by these financial-gain-seeking packages, eating up resources that could be used by real contributors. Plus, "the success of this campaign could inspire similar exploitation of other reward-based systems, normalizing automated package generation for financial gain," the Amazonians warn.

Being a vendor, Amazon naturally encourages defenders to use its products to scour their development environments for any packages linked to tea.xyz token farming. But it's always a good idea to remove low-quality, non-functional packages and harden supply chains, including by using software bills of materials (SBOMs) and isolating continuous integration and continuous delivery (CI/CD) environments.

Daily Brief Summary

CYBERCRIME // Massive Token Farming Campaign Targets npm Registry with Malicious Packages

Over 150,000 npm packages were compromised in a large-scale token farming campaign, as identified by Amazon Inspector researchers using AI-assisted detection methods.

The attack, linked to the tea.xyz protocol, involved creating self-replicating packages that generated cryptocurrency rewards for attackers, impacting legitimate open-source developers.

Unlike typical supply chain attacks, this incident did not involve traditional malware but instead focused on financial gain through registry pollution.

The campaign eroded trust in the open-source community by flooding the npm registry with low-quality packages, consuming valuable infrastructure resources.

Amazon collaborated with the Open Source Security Foundation to address the threat, submitting malicious packages to a repository for swift identification and action.

The incident highlights the need for robust defenses, such as software bills of materials and CI/CD environment isolation, to protect against evolving supply chain threats.

The success of this campaign could lead to similar exploitations in other reward-based systems, posing ongoing risks to the software supply chain ecosystem.