Inside MicrosoftSystem64: A Supply Chain RAT Exfiltrating to HuggingFace
Category: Malware
SafeDep Team • May 28, 2026 • 19 min read
TL;DR

In early April 2026, a malicious npm package called js-logger-pack began evolving through 29 versions on the registry, progressing from a harmless probe into a full WebSocket stealer and eventually a binary dropper. SafeDep's analysis on April 15 first documented this evolution and identified its second-stage payload: a binary called MicrosoftSystem64. A week later, JFrog Research independently reported the same campaign, highlighting its novel abuse of HuggingFace as a data exfiltration channel. Despite both disclosures, the threat remains fully active over six weeks later: our live infrastructure probe on May 28 confirmed the embedded HuggingFace token was still valid, the C2 server was accepting connections, and real victims were under active surveillance. The token has since been reported to HuggingFace for revocation.

MicrosoftSystem64 itself is an 81 MB stripped ELF binary (with Windows and macOS variants) that packages a full-featured info-stealer and remote access trojan (RAT) inside a Node.js v20.18.2 Single Executable Application (SEA). It connects to a WebSocket C2 at 195[.]201[.]194[.]107:8010, accepts 24 distinct remote commands, and exfiltrates stolen data to attacker-controlled HuggingFace datasets. It self-updates from a HuggingFace model repository, establishes persistence on all three major operating systems, and targets over 80 cryptocurrency wallet browser extensions, every Chromium and Firefox browser variant, Telegram Desktop sessions, SSH keys, and the system clipboard. It includes a cross-platform keylogger using native OS APIs (Windows SetWindowsHookEx, macOS CGEventTap, Linux xinput/evdev) and captures periodic screenshots uploaded to HuggingFace. This post provides a deep binary-level analysis of the payload's full capabilities. The current analyzed version is 1.0.8.

Impact:

- Exfiltration of credentials from 15 browser families (Chrome, Edge, Brave, Firefox, Opera, Vivaldi, Safari, Yandex, Chromium, CocCoc, CentBrowser, Opera GX, Chrome Beta, Chrome Canary, Edge Beta).
- Theft of 80+ cryptocurrency wallet browser extension data, including local storage, extension code, and wallet files.
- Telegram Desktop session hijacking via tdata folder compression and upload.
- SSH key exfiltration (id_rsa, id_ed25519, id_ecdsa, known_hosts, authorized_keys).
- Cross-platform keylogger with clipboard monitoring (1 second polling interval).
- Periodic screenshot capture and upload to HuggingFace (60 second interval).
- Remote command execution with shell access on all platforms.
- Self-updating binary with 24-hour check interval from HuggingFace.
- Persistence via Windows Scheduled Tasks, macOS LaunchAgents, Linux systemd user units and XDG autostart.

Indicators of Compromise (IoC):

Binary name: MicrosoftSystem64 (Linux), MicrosoftSystem64.exe (Windows), MicrosoftSystem64-darwin-x64 / MicrosoftSystem64-darwin-arm64 (macOS)
SHA-256 (Linux ELF): b2954c945b51dbd6fa88ac72338b7fbf76dec7d9909ceada9d36b21330842c97
File size: 85,134,080 bytes (81 MB)
Binary version: 1.0.8
Node.js version: v20.18.2 (statically linked SEA)
C2 server: 195[.]201[.]194[.]107:8010 (WebSocket + HTTP), Hetzner Online GmbH, DE, AS24940
HuggingFace binary host: hxxps://huggingface[.]co/jpeek998/system-releases/resolve/main
HuggingFace exfil account: jpeek998 (encrypted in binary config)
HuggingFace token (encrypted): MlohU84sIc82dTpY/CgE3jdOOWD1OwnyDXYRds4bG+cUeBRH7w==
XOR encryption key: [90, 60, 126, 18, 159, 75, 109, 138]
Persistence unit name: MicrosoftSystem64 (systemd service, LaunchAgent label com.launchkeeper.MicrosoftSystem64, Windows scheduled task)
Install directory: ~/.local/share/MicrosoftSystem64 (Linux), ~/Library/Application Support/MicrosoftSystem64 (macOS), %LOCALAPPDATA%\MicrosoftSystem64...
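An added host-side check (not code from the SafeDep post) that hunts a user's home directory for the Linux and macOS install paths, the dropped binary, its known SHA-256, and the persistence artifacts from the IoC table above. The exact on-disk paths of the systemd user unit and LaunchAgent plist are assumptions, and the demo home directory is constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

# Indicators from the IoC table above; the systemd unit and plist paths are assumed.
KNOWN_SHA256 = "b2954c945b51dbd6fa88ac72338b7fbf76dec7d9909ceada9d36b21330842c97"
INSTALL_DIRS = [
    ".local/share/MicrosoftSystem64",                 # Linux
    "Library/Application Support/MicrosoftSystem64",  # macOS
]
PERSISTENCE_FILES = [
    ".config/systemd/user/MicrosoftSystem64.service",                # assumed path
    "Library/LaunchAgents/com.launchkeeper.MicrosoftSystem64.plist", # assumed path
]

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def hunt(home):
    """Return (kind, path) findings for one user's home directory."""
    home = Path(home)
    findings = []
    for rel in INSTALL_DIRS:
        d = home / rel
        if d.is_dir():
            findings.append(("install_dir", str(d)))
            for p in d.rglob("MicrosoftSystem64*"):
                if p.is_file():
                    kind = "known_hash" if sha256_of(p) == KNOWN_SHA256 else "dropped_binary"
                    findings.append((kind, str(p)))
    for rel in PERSISTENCE_FILES:
        p = home / rel
        if p.is_file():
            findings.append(("persistence", str(p)))
    return findings

def build_demo_home(infected=True):
    """Constructed sample home directory for testing (no real payload is written)."""
    home = Path(tempfile.mkdtemp())
    if infected:
        d = home / INSTALL_DIRS[0]
        d.mkdir(parents=True)
        (d / "MicrosoftSystem64").write_bytes(b"\x7fELF dummy bytes, not the real binary")
        unit = home / PERSISTENCE_FILES[0]
        unit.parent.mkdir(parents=True)
        unit.write_text(f"[Service]\nExecStart={d / 'MicrosoftSystem64'}\n")
    return home

if __name__ == "__main__":
    for kind, path in hunt(Path.home()):
        print(f"[{kind}] {path}")
```

A "dropped_binary" finding means a file with the malware's name sits in the install directory but does not match the published hash, which is expected for the Windows/macOS variants or a newer self-updated build.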