Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
T3MP3ST Security Framework Uses AI to Automate 0-Day Vulnerability Discovery
July 5, 2026
Flipper Zero Firmware Updates Enhance Security, Introduce Community Guidelines
July 5, 2026
Mythos Ransomware Returns, Kali Linux 2024.2 Released, WhatsApp Vulnerability
July 5, 2026
Home/Threats/Critical npm Package Hijacks Hugging Face as Malware CDN
Threats

Critical npm Package Hijacks Hugging Face as Malware CDN

Key Takeaways A malicious npm package, `js-logger-pack`, was found to exploit Hugging Face, an AI model hosting platform, as both a malware distribution channel and a data exfiltration hub. The...

Emy Elsamnoudy
Emy Elsamnoudy
April 23, 2026 4 Min Read
42 0

Key Takeaways

  • A malicious npm package, `js-logger-pack`, was found to exploit Hugging Face, an AI model hosting platform, as both a malware distribution channel and a data exfiltration hub.
  • The attack leverages a `postinstall` script to deploy platform-specific malware, establishing persistence across Windows, macOS, and Linux systems.
  • Compromised systems are exposed to extensive data theft, including credentials, files, and keystrokes, with stolen data discreetly stored in private Hugging Face datasets.
  • JFrog Security researchers identified the threat on April 23, 2026, and recommend immediate action for systems that installed `js-logger-pack` version 1.1.27.

A recently uncovered malicious npm package, `js-logger-pack`, has transformed Hugging Face, a widely recognized platform for hosting AI models, into a dual-purpose infrastructure for distributing malware and exfiltrating sensitive data. This sophisticated campaign highlights a concerning evolution in how threat actors are exploiting legitimate cloud services to conduct supply chain attacks while maintaining a low profile, as detailed in a recent report.

Table Of Content

  • Key Takeaways
  • The Covert Infection Chain
  • Establishing Persistence and Control
  • Hugging Face as the Exfiltration Backend
  • What You Should Do

The Covert Infection Chain

Initially, the `js-logger-pack` package appeared innocuous, presenting itself as a benign logger. However, upon installation by unsuspecting developers, the true threat was activated through a `postinstall` script. This script executed automatically, initiating a hidden downloader as a detached background process, allowing the visible npm installation to complete without raising suspicion.

The downloader then retrieved one of four malicious binaries from a public Hugging Face repository, identified as Lordplay/system-releases, controlled by the attacker. These binaries were tailored to the host operating system.

Researchers at JFrog Security successfully extracted the embedded JavaScript payload from all four Node.js Single Executable Application (SEA) binaries, covering Windows, macOS, and Linux. Their analysis confirmed that the same cross-platform JavaScript bundle, containing all malicious logic, was injected into each container. This indicated that the four binaries were not distinct malware families but rather the identical implant wrapped within different Node.js runtime environments. JFrog published their comprehensive findings on April 23, 2026.

Establishing Persistence and Control

Once deployed, the malware established persistence using native operating system mechanisms. On Windows, it utilized scheduled tasks and registry Run keys. For macOS, LaunchAgent entries were created, and on Linux, systemd user units ensured its continued operation. The implant then initiated communication with a hard-coded command-and-control (C2) server at 195[.]201[.]194[.]107 via WebSocket, transmitting system information.

This provided the attacker with a live foothold, enabling a wide range of malicious activities, including reading and writing arbitrary files, scanning for credentials, logging keystrokes, monitoring clipboard data, and deploying additional payloads.

Hugging Face as the Exfiltration Backend

A particularly alarming aspect of this campaign was the attacker’s innovative use of Hugging Face as a live data exfiltration channel. Instead of relying on private servers to store stolen data, the threat actor redirected all collected information into private Hugging Face datasets, effectively outsourcing the entire data theft storage to Hugging Face’s own robust infrastructure.

Hugging Face Exfiltration Flow (Source - JFrog)
Hugging Face Exfiltration Flow (Source – JFrog)

When an upload task was triggered by the C2, the implant received a Hugging Face token, a username, a target path, and an upload ID. It then compressed the specified file or folder into a gzip archive, created or reused a private Hugging Face dataset under the attacker’s account, and uploaded the archive using an embedded Hugging Face hub client. Upon successful upload, the implant notified the Hetzner-hosted controller. To ensure data integrity, pending uploads were tracked in a local state file and resumed automatically upon reconnection, preventing any loss of stolen data even if the connection was interrupted.

This strategy offered the attacker a significant operational advantage by minimizing the C2 server’s exposure and making traffic detection more challenging. By leveraging Hugging Face for storage, the attacker simply directed the implant to attacker-controlled accounts, offloading the storage burden to the platform. Furthermore, the implant included a session-clearing feature that could terminate browser processes and wipe credentials, forcing users to re-enter passwords while the keylogger was actively running. Any credentials entered after such a forced logout could be swiftly captured and sent to a private dataset within minutes.

What You Should Do

  • Immediately rotate all secrets, including AWS keys, SSH keys, npm tokens, database passwords, API keys, and credentials stored in browser profiles.
  • Remove all persistence artifacts: delete the `MicrosoftSystem64` scheduled task, registry Run key, LaunchAgent entry, or systemd user unit, depending on the affected operating system.
  • Purge the malicious package and clear the npm cache. Subsequently, run npm config set ignore-scripts true to prevent `postinstall` hooks from executing automatically.
  • Thoroughly review all `package.json` dependency changes, including minor patch-level updates, for any unauthorized modifications.
  • Any machine that installed `js-logger-pack` version 1.1.27 should be considered fully compromised until all secrets have been rotated and all persistence artifacts have been eradicated.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackMalwarePatchSecurityThreat

Share Article

Emy Elsamnoudy

Emy Elsamnoudy

Emy is a cybersecurity analyst and reporter specializing in threat hunting, defense strategies, and industry trends. With expertise in proactive security measures, Emily covers the tools and techniques organizations use to detect and prevent cyber attacks. She is a regular speaker at security conferences and has contributed to industry reports on threat intelligence and security operations. Emily's reporting focuses on helping organizations improve their security posture through practical, actionable insights.

Previous Post

North Korean Hackers Pose as IT Workers to Infiltrate Companies

Next Post

Microsoft Teams Phishing Attacks Impersonate IT Helpdesk Staff

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical FatFs Vulnerabilities Expose Millions of Embedded Devices
July 4, 2026
Critical Linux Kernel Vulnerability CVE-2023-0179 Grants Root Access
July 4, 2026
India Bans Apps Used to Remotely Disable E-Rickshaws
July 3, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us