Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Security News
Sarah Gooding
March 6, 2024
There’s a new form of crypto spamming that is plaguing open source projects on GitHub. The tea.xyz project is a protocol that aims to incentivize open source developers and maintainers for software contributions. It is led by Homebrew creator Max Howell, who said that tea is Homebrew’s “spiritual successor.”
The tea Protocol uses Proof of Contribution, a novel ranking algorithm that measures the impact of every project in the OSS ecosystem.
The tea Protocol operates as an incentive layer by integrating with all the major software package managers—including Homebrew, npm, APT, Crate, PyPI, RubyGems, and pkgx.
Although the project seems well-intentioned, open source developers have been bombarded by tea.xyz spam PRs that attempt to update the README.md file or add a tea.yaml file to the root of the project.
This file is required by the tea protocol in order to register a project and “serves as the project's constitution to govern its number of contributors and number of votes required to carry out certain actions.” It is intended to be added by an original contributor on an open source project.
Scammers have started generating these YAML files and indiscriminately submitting PRs that are verbatim copies of the ones submitted to other repositories.
When asked by the maintainer about the purpose of the PR in the screenshot above, the person submitting it, said they “have a job that requires uploading the file and I also don't know what it is used for.” The maintainer suspected it was LLM-generated.
Tea CEO Max Howell commented on the spam PR last week, disassociating the tea project with the spammer’s behavior, and promising to make it more difficult to generate the YAML file:
Hey, we will be punishing this user, probably with a full ban and tracing as much as possible all activity they may have with other accounts and banning those too. If I could I would also ban all their friends and family too. This behavior is disgusting and counter productive to our mission. I am furious about it.
Additionally we are taking steps to force users to prove they can commit before allowing them to generate the YAML which should prevent idiots like @onedionys from being able to figure out how to create the file.
tea aims to change the nature of open source sustainability. Our mission is pure and we want to help projects like yours to flourish.
pkgx was using LLMs to generate some images and descriptions but we have removed them due to concern from the community. Nothing else is using AI or LLMs in pkgx or tea.
Howell also assured participants in the discussion that his protocol will require a check against the project via the GitHub API in the future for onboarding in order to prevent spam PRs and “reduce the burden to zero on open source maintainers.” He said the goal was to make open source sustainable. “We failed here, but it will be fixed by end of day.”
Those involved in the discussion were not so easily convinced that peddling crypto tokens as incentives is a worthwhile approach to sustainably funding open source software.
“I have some really deep doubts that's true: the incentives you're creating here are pretty obviously easy to abuse,” Aria Stewart, the project’s maintainer said.
Meanwhile, the spam has become more widespread, despite assurances to make tea more difficult to abuse. At the time of publishing, there are 565 spam PRs referencing the tea protocol, which will all require open source maintainers' time to address and close.
“It seemed this was a fresh type of abuse - we had 100+ pull requests in two days all with users trying to add tea configuration files to repositories,” Connor Tumbleson, Director of Engineering at Sourcetoad, said in a post about the the spam PRs he received on OSS projects. “Thankfully it seems most of these users are just trying to scam funds and have no actual idea how GitHub works.”
Instead of supporting the work open source maintainers are doing, the flood of spam PR's referencing the tea protocol have become a frustrating nuisance that takes time and resources away from projects.
“So in short - this is why I often hate crypto,” Tumbleson said. “This idea and execution has done nothing but steal time from open source contributors and clog up review time and research for a bunch of garbage pull requests.
“So much like Keybase got spammed with an influx of garbage users when they announced their Stellar token - GitHub is getting an influx of garbage users taking time and energy from me and others for this tea stuff.”
The Tea development team used the open source Ghost publishing project in a video example of how to register a project. As a result, the repository started receiving spam PRs and had to figure out where they were coming from and how to stop them.
The video has since been removed but it also impacted another project that is also named Ghost, which similarly received spam PRs - all from newly created GitHub users trying to earn crypto.
The tea creators even had to close ~50 spam PRs against their own repo (and then changed repo settings to prevent further spam PRs). This caused people to speculate that the tea team knew of the potential for abuse but pushed forward anyway. In a separate conversation on Mastodon, others considered the possibility that the tea team was “paying people to pollute OSS projects,” or some other party may be paying gig workers to open PRs, given the spammers’ responses that “I have a job that requires uploading the file and I don’t know what it is used for.”
“The TEA project claims it wants to support open source developers using some kind of blockchain technology,” developer Mark Stosberg said. “Somehow, more popular projects will be rewarded more.
“I believe people are rushing to add this file without explaining what it does because in each case it establishes their blockchain wallet as the ‘code owner’ of the popular Ghost project, even though they aren't regular contributors.
“So in practice the TEA project is not helping to support the Ghost project, but is instead causing a rush of self-serving PRs to be submitted to cash-in on other people's work.”
In threads across GitHub and social media, developers characterized the tea protocol as "the newest crypto scam" and an old grift that is off-putting due to the tea.YAML file being used to claim a codebase as their own for “some crypto generation scheme.”
In response to the spam on the Ghost project, Howell apologized again:
Hey everyone. We’re really sorry about this.
Firstly, we are taking down the videos. Using real projects in the example videos was a huge mistake and we own it.
Secondly we are going to add verification steps to ensure we do not generate YAML for projects without proof that the user is a legitimate contributor.
For now we will remove ghost from the listing.
Our project genuinely wants to help open source and not hinder it and our efforts are entirely focused on that which ofc includes ensuring that this kind of malicious and despicable behavior ends as soon as possible.
Thank you for your understanding and sincerely: I'm very angry about this, if it was happening to my projects I would also be incredibly unhappy about it.
Tea announced that its “incentivized testnet” received more than 185,000 sign-ups and 400 registered open-source software projects since launching on February 21, 2024, with many of these occurring in just the first 48 hours of its testnet going live. Following this massive influx of spam PRs that claim projects, it wouldn’t be surprising if tea received some of these signups through ill-gotten means.
Tea bills itself as “the rewards protocol for OSS” but its debut has angered many in the open source community who are now questioning the project’s integrity. The convergence of LLM-generated spam with a jargon-laden crypto initiative has inadvertently given the first impression of being a potentially exploitive scam. For the projects that are currently digging out from under these spam PRs, Tea has landed on the scene as a distraction from the true ethos of open-source collaboration.
Subscribe to our newsletter
Get notified when we publish new security blog posts!
Try it now
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.