Someone hid a full RAT inside a fake npm package and exfiltrated victim data to HuggingFace
A malicious npm package name js-logger-pack , went through 29 versions on the registry which was looking innocuous logger and ending as a binary dropper. The payload it dropped was 81 MB of binary called MicrosoftSystem64 which is a full cross-platform RAT packaged as a Node.js Single Executable Application, so it shows up as a native binary to endpoint tools rather than a node process. And the clever bit was instead of sending the stolen data directly to a C2 server, it uploads everything to private HuggingFace datasets using an embedded API token. So all exfiltration traffic appears as normal HTTPS requests to a legitimate ML platform. If you have any of those in your install history then rotate everything like credentials, SSH keys, API tokens, crypto seed phrases. All packages list and full technical breakdown is in blog. submitted by /u/BattleRemote3157 [link] [comments]
k6-user-13576 • 2026-06-02 15:39
k6-load-test-comment-868429724
k6-user-13576 • 2026-06-02 15:39
k6-load-test-comment-868429724
k6-user-13576 • 2026-06-02 15:41
k6-load-test-comment-868429724
k6-user-783389 • 2026-06-02 15:55
k6-load-test-comment-510807220
k6-user-783389 • 2026-06-02 15:55
k6-load-test-comment-510807220
k6-user-704887 • 2026-06-02 15:55
k6-load-test-comment-647346305
k6-user-704887 • 2026-06-02 15:55
k6-load-test-comment-647346305
k6-user-872330 • 2026-06-02 15:55
k6-load-test-comment-853940066
k6-user-187708 • 2026-06-02 15:55
k6-load-test-comment-996502955
k6-user-872330 • 2026-06-02 15:55
k6-load-test-comment-853940066
k6-user-187708 • 2026-06-02 15:55
k6-load-test-comment-996502955
k6-user-380029 • 2026-06-02 15:55
k6-load-test-comment-299961853
k6-user-380029 • 2026-06-02 15:55
k6-load-test-comment-299961853
k6-user-794379 • 2026-06-02 15:55
k6-load-test-comment-326413796
k6-user-602494 • 2026-06-02 15:55
k6-load-test-comment-875594214
k6-user-794379 • 2026-06-02 15:55
k6-load-test-comment-326413796
k6-user-602494 • 2026-06-02 15:55
k6-load-test-comment-875594214
k6-user-78127 • 2026-06-02 15:55
k6-load-test-comment-672891061
k6-user-78127 • 2026-06-02 15:55
k6-load-test-comment-672891061
k6-user-903005 • 2026-06-02 15:56
k6-load-test-comment-703791719
k6-user-267313 • 2026-06-02 15:56
k6-load-test-comment-681744550
k6-user-903005 • 2026-06-02 15:56
k6-load-test-comment-703791719
k6-user-511700 • 2026-06-05 15:34
k6-load-test-comment-811357696
k6-user-21543 • 2026-06-05 15:34
k6-load-test-comment-712121438
k6-user-956046 • 2026-06-05 15:34
k6-load-test-comment-970556528
k6-user-378220 • 2026-06-05 15:34
k6-load-test-comment-394418766
k6-user-333475 • 2026-06-05 15:34
k6-load-test-comment-114647132
k6-user-89223 • 2026-06-05 15:34
k6-load-test-comment-393391390
k6-user-171424 • 2026-06-05 15:34
k6-load-test-comment-668111579
k6-user-723820 • 2026-06-05 15:34
k6-load-test-comment-515201429
k6-user-202370 • 2026-06-05 15:34
k6-load-test-comment-975460279
k6-user-834120 • 2026-06-05 15:34
k6-load-test-comment-896525534
k6-user-15313 • 2026-06-05 15:34
k6-load-test-comment-814984780
k6-user-471839 • 2026-06-05 15:34
k6-load-test-comment-5193800
k6-user-331963 • 2026-06-05 15:34
k6-load-test-comment-589467868
k6-user-929841 • 2026-06-05 16:11
k6-load-test-comment-883764731
k6-user-103320 • 2026-06-05 16:11
k6-load-test-comment-971733659
k6-user-929841 • 2026-06-05 16:11
k6-load-test-comment-883764731
k6-user-103320 • 2026-06-05 16:11
k6-load-test-comment-971733659
k6-user-541992 • 2026-06-05 16:12
k6-load-test-comment-841147193
k6-user-541992 • 2026-06-05 16:12
k6-load-test-comment-841147193
k6-user-529711 • 2026-06-05 16:12
k6-load-test-comment-635751516
k6-user-529711 • 2026-06-05 16:12
k6-load-test-comment-635751516
k6-user-810370 • 2026-06-05 16:25
k6-load-test-comment-268872815
k6-user-173185 • 2026-06-05 16:25
k6-load-test-comment-7705905
k6-user-991778 • 2026-06-05 16:25
k6-load-test-comment-638289360
k6-user-263889 • 2026-06-05 16:25
k6-load-test-comment-692414177
k6-user-901074 • 2026-06-05 16:25
k6-load-test-comment-953581088