GBHackers

MicrosoftSystem64 Malware Abuses Hugging Face for Stealthy Data Theft


A sophisticated supply chain attack targeting the npm ecosystem has been uncovered, involving a malicious package named js-logger-pack that evolved into a powerful cross-platform malware loader.

First observed in early April 2026, the package went through 29 incremental versions, gradually transforming from a seemingly benign logging utility into a full-scale information stealer and remote access Trojan.

Despite public disclosures, the operation remains active. As of May 28, researchers confirmed that the command-and-control server at 195.201.194.107:8010 was still operational, actively receiving connections from infected systems.

The embedded HuggingFace API token used for data exfiltration also remained valid at the time of discovery, allowing attackers to continue collecting stolen data undetected. The token has since been reported for revocation, but evidence suggests real victims were under active surveillance for weeks.

The core payload, MicrosoftSystem64, is an 81 MB stripped ELF binary on Linux, with equivalent Windows and macOS builds also distributed. It is built using Node.js v20.18.2 Single Executable Application (SEA) technology, enabling attackers to bundle complex functionality into a single portable file.

Once executed, the malware establishes a WebSocket connection to its command server and awaits instructions from a set of 24 supported commands, effectively giving attackers full remote control over compromised systems.

The malware demonstrates extensive data harvesting capabilities. It targets over 15 browser families, including Chrome, Edge, Firefox, Brave, Opera, and Safari, extracting saved credentials, cookies, and session data.

A SafeDep report shared with GBHackers on April 15 revealed the presence of a second-stage payload called MicrosoftSystem64, while subsequent analysis by JFrog highlighted the campaign's unusual use of HuggingFace infrastructure for covert data exfiltration.

It also specifically focuses on more than 80 cryptocurrency wallet browser extensions, collecting sensitive wallet files, extension storage, and related metadata.

Telegram Desktop sessions are compromised by compressing and exfiltrating the tdata directory, allowing attackers to hijack user accounts without authentication.

In addition, MicrosoftSystem64 searches for SSH keys such as id_rsa and id_ed25519, along with known_hosts and authorized_keys files, enabling potential lateral movement across networks.

A built-in keylogger captures keystrokes using native operating system APIs, including SetWindowsHookEx on Windows, CGEventTap on macOS, and xinput or evdev on Linux.

Clipboard data is monitored continuously, and screenshots are captured every 60 seconds, providing attackers with a real-time view of victim activity.

MicrosoftSystem64 Malware

One of the most notable aspects of this campaign is the use of HuggingFace datasets as an exfiltration channel. Instead of relying on traditional attacker-controlled servers, the malware uploads stolen data directly to HuggingFace repositories, blending malicious traffic with legitimate machine learning activity.

This approach makes detection significantly more difficult, especially in environments where HuggingFace access is considered normal.

The malware also uses HuggingFace model repositories to distribute updates, checking for new versions every 24 hours. This allows attackers to continuously enhance capabilities and evade detection without relying on suspicious infrastructure.

Persistence mechanisms are implemented across all major platforms. On Windows, the malware creates scheduled tasks, while macOS systems use LaunchAgents.

Linux systems are infected through systemd user services and XDG autostart entries, ensuring the malware remains active after reboot.
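The Linux persistence artifacts named above (the install directory, the `.registered` marker, a systemd user service and an XDG autostart entry) are all things a defender can check for on a host. The following is an added example, not code from the article or from SafeDep or JFrog. It audits one user's home directory for those artifacts. The article gives the unit name and the install path; the exact unit file name and `.desktop` file name are assumptions, so the scan also matches on file contents rather than on names alone.

```python
"""Host-side audit for the Linux persistence artifacts described above.

Added example, not code from the article or from any cited vendor.
The article names the install directory (~/.local/share/MicrosoftSystem64),
the .registered marker with an ISO timestamp, and persistence via a systemd
user service and an XDG autostart entry called MicrosoftSystem64. The exact
unit and .desktop file names are assumptions, so contents are matched too.
"""
from pathlib import Path

NAME = "MicrosoftSystem64"


def _read(path: Path) -> str:
    """Best-effort text read; unreadable files simply do not match."""
    try:
        return path.read_text(errors="replace")
    except OSError:
        return ""


def audit_persistence(home: Path) -> list[str]:
    """Return human-readable findings for one user's home directory."""
    findings: list[str] = []

    # Install directory and registration marker, both named in the IoC table.
    install_dir = home / ".local" / "share" / NAME
    if install_dir.is_dir():
        findings.append(f"install directory present: {install_dir}")
        marker = install_dir / ".registered"
        if marker.is_file():
            stamp = _read(marker).strip()
            findings.append(f"registration marker present (timestamp {stamp!r})")

    # systemd user units live under ~/.config/systemd/user. The unit name is
    # from the article; the file name is an assumption, hence the content check.
    unit_dir = home / ".config" / "systemd" / "user"
    if unit_dir.is_dir():
        for unit in sorted(unit_dir.glob("*.service")):
            if NAME in unit.name or NAME in _read(unit):
                findings.append(f"systemd user unit references {NAME}: {unit}")

    # XDG autostart entries are .desktop files under ~/.config/autostart.
    autostart_dir = home / ".config" / "autostart"
    if autostart_dir.is_dir():
        for entry in sorted(autostart_dir.glob("*.desktop")):
            if NAME in entry.name or NAME in _read(entry):
                findings.append(f"XDG autostart entry references {NAME}: {entry}")

    return findings


if __name__ == "__main__":
    # Run against the current user's home directory.
    for line in audit_persistence(Path.home()) or ["no findings"]:
        print(line)
```

Run it as each local user (or point it at every home directory from an administrative account); a clean host returns an empty list. Because the check matches on content as well as name, a unit or autostart file that was renamed but still launches the binary from the install directory is still reported.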

This campaign highlights a growing trend where attackers exploit trusted developer platforms and AI infrastructure to evade detection.

The combination of supply chain compromise, cross-platform targeting, and stealthy exfiltration via legitimate services makes MicrosoftSystem64 a significant threat to both developers and enterprise environments.

Indicators of Compromise (IoC)

Indicator | Value
Binary name | MicrosoftSystem64 (Linux), MicrosoftSystem64.exe (Windows), MicrosoftSystem64-darwin-x64 / MicrosoftSystem64-darwin-arm64 (macOS)
SHA-256 (Linux ELF) | b2954c945b51dbd6fa88ac72338b7fbf76dec7d9909ceada9d36b21330842c97
File size | 85,134,080 bytes (81 MB)
Binary version | 1.0.8
Node.js version | v20.18.2 (statically linked SEA)
C2 server | 195[.]201[.]194[.]107:8010 (WebSocket + HTTP), Hetzner Online GmbH, DE, AS24940
HuggingFace binary host | hxxps://huggingface[.]co/jpeek998/system-releases/resolve/main
HuggingFace exfil account | jpeek998 (encrypted in binary config)
HuggingFace token (encrypted) | MlohU84sIc82dTpY/CgE3jdOOWD1OwnyDXYRds4bG+cUeBRH7w==
XOR encryption key | [90, 60, 126, 18, 159, 75, 109, 138]
Persistence unit name | MicrosoftSystem64 (systemd service, LaunchAgent label com.launchkeeper.MicrosoftSystem64, Windows scheduled task)
Install directory | ~/.local/share/MicrosoftSystem64 (Linux), ~/Library/Application Support/MicrosoftSystem64 (macOS), %LOCALAPPDATA%\MicrosoftSystem64 (Windows)
Registration marker | .registered file with ISO timestamp in install directory
Related npm package | js-logger-pack (v1.1.22+ acts as dropper)
Related HuggingFace repo | Lordplay/system-releases (earlier binary hosting)

Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.
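The network and package indicators in the table can be swept over existing telemetry. The following is an added example, not code from the article or the cited vendors. It re-fangs the C2 endpoint and the two HuggingFace account names from the table, checks proxy or firewall log lines for them, and checks an npm `package-lock.json` for `js-logger-pack` at a dropper version (1.1.22 or later). The log line format, the `api/datasets/` path shape used for HuggingFace uploads, and the lockfile contents are constructed sample input and assumptions, not data from the article.

```python
"""Sweep of the article's network and package IoCs over local telemetry.

Added example, not code from the article or any cited vendor. Indicators are
taken from the IoC table and re-fanged here; log format, the HuggingFace
upload path shape and the sample lockfile are constructed for illustration.
"""
import json
import re

C2_HOST = "195[.]201[.]194[.]107".replace("[.]", ".")   # re-fanged from the table
C2_PORT = "8010"
HF_ACCOUNTS = ("jpeek998", "Lordplay")                    # exfil and earlier hosting accounts
DROPPER_PACKAGE = "js-logger-pack"
DROPPER_MIN_VERSION = (1, 1, 22)                          # v1.1.22+ acts as dropper

# Host followed by an optional :port; the lookahead stops 195.201.194.1070 matching.
C2_RE = re.compile(re.escape(C2_HOST) + r"(?!\d)(?::(\d+))?")
# Web URL (repo/resolve/...) or API upload path (api/datasets/<account>/...): assumed shapes.
HF_RE = re.compile(
    r"huggingface\.co/(?:api/(?:datasets|models)/)?("
    + "|".join(map(re.escape, HF_ACCOUNTS))
    + r")(?=/|$)",
    re.IGNORECASE,
)


def scan_log_line(line: str) -> list[str]:
    """Return the indicator names matched by one log line (empty if clean)."""
    hits: list[str] = []
    m = C2_RE.search(line)
    if m:
        port = m.group(1)
        label = f"C2 endpoint {C2_HOST}" + (f":{port}" if port else "")
        if port and port != C2_PORT:
            label += " (unexpected port)"
        hits.append(label)
    m = HF_RE.search(line)
    if m:
        hits.append(f"HuggingFace account {m.group(1)}")
    return hits


def sweep_log(text: str) -> list[tuple[int, list[str]]]:
    """Return (1-based line number, hits) for every matching line."""
    out = []
    for n, line in enumerate(text.splitlines(), start=1):
        hits = scan_log_line(line)
        if hits:
            out.append((n, hits))
    return out


def _version_tuple(v: str) -> tuple[int, ...]:
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", v)
    return tuple(int(x) for x in m.groups()) if m else (0, 0, 0)


def dropper_versions(lock: dict) -> list[str]:
    """Return '<path>@<version>' for js-logger-pack entries at a dropper version."""
    found: list[str] = []
    if "packages" in lock:                       # lockfileVersion 2 and 3
        entries = lock["packages"].items()
        name_of = lambda path: path.rsplit("node_modules/", 1)[-1]
    else:                                        # lockfileVersion 1 (top-level only)
        entries = lock.get("dependencies", {}).items()
        name_of = lambda name: name
    for key, meta in entries:
        if name_of(key) == DROPPER_PACKAGE:
            ver = meta.get("version", "")
            if _version_tuple(ver) >= DROPPER_MIN_VERSION:
                found.append(f"{key or '.'}@{ver}")
    return found


# Constructed sample telemetry: two clean lines, three that should fire.
SAMPLE_LOG = """\
2026-05-20T10:01:02Z host=dev-01 dst=195.201.194.107:8010 proto=ws action=allow
2026-05-20T10:02:11Z host=dev-01 method=GET url=https://huggingface.co/jpeek998/system-releases/resolve/main/MicrosoftSystem64
2026-05-20T10:03:40Z host=dev-01 method=POST url=https://huggingface.co/api/datasets/jpeek998/example-exfil/commit/main
2026-05-20T10:04:05Z host=dev-02 method=GET url=https://huggingface.co/bert-base-uncased/resolve/main/config.json
2026-05-20T10:05:19Z host=dev-02 dst=10.0.0.5:443 proto=tls action=allow
"""

# Constructed lockfile: one nested copy below the dropper threshold, one at it.
SAMPLE_LOCK = json.loads(json.dumps({
    "name": "example-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "version": "0.1.0"},
        "node_modules/js-logger-pack": {"version": "1.1.22"},
        "node_modules/legacy-tool/node_modules/js-logger-pack": {"version": "1.1.9"},
        "node_modules/lodash": {"version": "4.17.21"},
    },
}))

if __name__ == "__main__":
    for n, hits in sweep_log(SAMPLE_LOG):
        print(f"line {n}: {', '.join(hits)}")
    print("dropper versions:", dropper_versions(SAMPLE_LOCK) or "none")
```

Point `sweep_log` at exported proxy, firewall or DNS logs and `dropper_versions` at each repository's `package-lock.json`; the version comparison is what matters, since early versions of the package were a benign logging utility and only v1.1.22 onward acts as the dropper. HuggingFace traffic to the named accounts is the discriminator here; blocking huggingface.co wholesale is rarely viable in teams that legitimately use it, which is exactly why the campaign chose it.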
