Full Report
Amazon spilled the TEA

Yet another supply chain attack has hit the npm registry in what Amazon describes as "one of the largest package flooding incidents in open source registry history" - but with a twist. Instead of injecting credential-stealing code or ransomware into the packages, this one is a token farming campaign.…
Analysis Summary
# Tool/Technique: npm Package Flooding for Token Farming
## Overview
This summary describes a massive, coordinated supply chain attack on the npm registry that polluted it with over 150,000 junk packages. The primary goal was not traditional malware deployment (credential theft or ransomware) but gaming the TEA token reward system (associated with [tea.xyz](http://tea.xyz/)): packages were generated and published automatically so that the attackers could farm cryptocurrency tokens.
## Technical Details
- Type: Technique (Supply Chain Contamination/Abuse of Reward System)
- Platform: npm Registry, JavaScript/Node.js ecosystem
- Capabilities: Automated package generation, large-scale registry pollution, targeting of financial reward systems.
- First Seen: Package discovery started in late October, recognized as a massive incident by November 12, 2025 (based on the article date context).
## MITRE ATT&CK Mapping
This campaign abuses registry infrastructure and the supply chain for financial gain rather than executing code against an end-user system for the usual objectives, so the mapping is loose:
- **TA0040 - Impact: T1496 - Resource Hijacking** (closest fit: npm's registry infrastructure and the TEA reward protocol are consumed to generate income for the attackers)
- **TA0001 - Initial Access: T1195.001 - Supply Chain Compromise: Compromise Software Dependencies and Development Tools** (indirectly, by polluting the dependency ecosystem; ATT&CK has no dedicated technique for registry contamination, so this is the nearest entry)
- **TA0007 - Discovery** (less applicable; the only "discovery" involved is locating rewardable contributions)
- **TA0011 - Command and Control** (only if the packages phone home or check in, which the article does not describe)
## Functionality
### Core Capabilities
- **Automated Package Generation:** Malicious code within the packages was designed to self-replicate and automatically generate and publish new fake packages.
- **Token Farming:** The mechanism was specifically designed to exploit the TEA token incentive protocol on [tea.xyz](http://tea.xyz/), ensuring tokens were deposited into attacker-controlled wallets upon successful package publication/contribution registration.
- **Registry Pollution:** Uploading vast quantities (150K+) of low-quality, non-functional packages to the npm registry.
### Advanced Features
- **Wallet Linking:** Packages included `tea.yaml` files which directly linked the generated activity to attacker-controlled blockchain wallet addresses for direct token accumulation.
- **Subtle Infection:** Unlike other supply chain attacks, this method reportedly *did not* inject credential-stealing code or ransomware, relying purely on manipulating a reward mechanism, making detection based on traditional malware signatures more challenging initially.
## Indicators of Compromise
*Note: Specific hashes or exact file paths for the roughly 150,000 packages cannot be derived from the text. The indicators below are generalized from the described mechanism.*
- File Hashes: [N/A from text]
- File Names: Malicious npm packages published across multiple developer accounts.
- Registry Keys: [N/A from text]
- Network Indicators: [tea.xyz](http://tea.xyz/) (Associated protocol/ecosystem); Attacker-controlled blockchain wallet addresses.
- Behavioral Indicators: Mass, automated publishing of new, low-quality npm content linked to the TEA reward system; Presence of `tea.yaml` files designed to route financial rewards.
## Associated Threat Actors
- Unspecified criminal group focusing on automated financial exploitation via open-source incentive systems. The actors are coordinated and demonstrated the ability to manage thousands of developer accounts.
## Detection Methods
- **Signature-based detection:** Initially difficult, as traditional malware payloads were absent. Detection relies on identifying patterns related to the TEA token farming execution code.
- **Behavioral detection:** Detecting the *scale* and *automated nature* of continuous package publishing from specific accounts or IP ranges associated with the farming scheme.
- **YARA rules if available:** Rules would likely target specific code patterns associated with generating TEA wallet links or the self-replication logic within the package installation scripts (`preinstall`, `postinstall`, or dependencies).
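The behavioural signal described above (scale and automation of publishing from a small set of accounts) can be scored from a feed of publish events. The following is an added example written for this summary, not code from the article, from Amazon or from tea.xyz. It assumes a feed of events shaped `{account, name, time}`; the account names, package names and timestamps are constructed for the demonstration and do not refer to real packages from the incident. Two signals are combined: the peak number of publishes by one account inside any one-hour window, and the share of an account's package names that collapse to a single digit-stripped template (a tell of generated names).

```javascript
// Added example (not from the article, Amazon or tea.xyz): flag npm accounts
// whose publishing pattern looks like an automated flooding campaign.
// Input shape (assumed): [{ account, name, time }], time as an ISO-8601 string.

const SAMPLE_EVENTS = [];
// Constructed: an automated account pushing 40 template-named packages, 30 s apart.
for (let i = 0; i < 40; i++) {
  SAMPLE_EVENTS.push({
    account: 'farm-account-01',
    name: `util-helper-${String(i).padStart(5, '0')}`,
    time: new Date(Date.UTC(2025, 10, 12, 9, 0, i * 30)).toISOString(),
  });
}
// Constructed: a maintainer publishing three distinct packages across two days.
SAMPLE_EVENTS.push(
  { account: 'maintainer-jane', name: 'csv-streamer', time: '2025-11-11T10:00:00Z' },
  { account: 'maintainer-jane', name: 'tiny-retry', time: '2025-11-11T15:30:00Z' },
  { account: 'maintainer-jane', name: 'log-redactor', time: '2025-11-12T08:45:00Z' },
);

// Collapse digit runs so "util-helper-00017" and "util-helper-00018" share a template.
function nameTemplate(name) {
  return name.replace(/\d+/g, '#');
}

// Largest number of publishes inside any window of `windowMs` (sliding window
// over sorted timestamps).
function peakPublishesInWindow(times, windowMs) {
  const sorted = times.map((t) => Date.parse(t)).sort((a, b) => a - b);
  let peak = 0;
  let start = 0;
  for (let end = 0; end < sorted.length; end++) {
    while (sorted[end] - sorted[start] > windowMs) start++;
    peak = Math.max(peak, end - start + 1);
  }
  return peak;
}

// Returns one finding per suspicious account with the reasons that fired.
function flagFloodingAccounts(events, { maxPerHour = 20, templateShare = 0.8, minPublishes = 10 } = {}) {
  const byAccount = new Map();
  for (const ev of events) {
    if (!byAccount.has(ev.account)) byAccount.set(ev.account, []);
    byAccount.get(ev.account).push(ev);
  }
  const findings = [];
  for (const [account, evs] of byAccount) {
    const reasons = [];
    const peak = peakPublishesInWindow(evs.map((e) => e.time), 60 * 60 * 1000);
    if (peak > maxPerHour) reasons.push(`${peak} publishes within one hour`);

    const templates = new Map();
    for (const e of evs) {
      const t = nameTemplate(e.name);
      templates.set(t, (templates.get(t) || 0) + 1);
    }
    const [topTemplate, topCount] = [...templates.entries()].sort((a, b) => b[1] - a[1])[0];
    if (evs.length >= minPublishes && topCount / evs.length >= templateShare) {
      reasons.push(`${topCount}/${evs.length} names match template "${topTemplate}"`);
    }
    if (reasons.length) findings.push({ account, publishes: evs.length, reasons });
  }
  return findings;
}

for (const f of flagFloodingAccounts(SAMPLE_EVENTS)) {
  console.log(`${f.account}: ${f.reasons.join('; ')}`);
}
```

The thresholds are deliberately conservative defaults; in practice they would be tuned against a baseline of legitimate publishing volume, and a finding should trigger review rather than automatic removal.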
## Mitigation Strategies
- **Dependency Scanning:** Using tools (such as Amazon Inspector, mentioned in the article) to scan development environments for packages linked to the [tea.xyz](http://tea.xyz/) token farming campaign.
- **Supply Chain Hardening:** Implementing robust CI/CD practices, including isolation of build environments.
- **Package Vetting:** Removing low-quality, non-functional packages from dependency trees to reduce reliance on unknown or suspicious contributors.
- **Ecosystem Collaboration:** Reporting malicious packages swiftly, as demonstrated by submissions to the OpenSSF malicious packages repository.
## Related Tools/Techniques
- Other large-scale npm package flooding incidents.
- Attacks targeting decentralized finance (DeFi) or cryptocurrency reward systems through software contributions.
- Standard dependency confusion or typo-squatting attacks (though this focused on poisoning the reward structure rather than direct user compromise).