Inside MicrosoftSystem64: A Supply Chain RAT Exfiltrating to HuggingFace

A malicious npm package called `js-logger-pack` evolved through 29 versions on the registry from April 2026 into a full remote access trojan that deploys an 81 MB binary named `MicrosoftSystem64` on Windows, macOS, and Linux systems. The malware exfiltrates stolen credentials, cryptocurrency wallet data, Telegram sessions, SSH keys, and clipboard contents to attacker-controlled HuggingFace datasets, while maintaining active command-and-control connections and self-updating capabilities. The threat remained fully active as of May 28, with the embedded HuggingFace token still valid and real victims under active surveillance, despite public disclosures by SafeDep and JFrog Research.

Inside MicrosoftSystem64: A Supply Chain RAT Exfiltrating to HuggingFace Table of Contents TL;DR In early April 2026, a malicious npm package called js-logger-pack began evolving through 29 versions on the registry, progressing from a harmless probe into a full WebSocket stealer and eventually a binary dropper. SafeDep’s analysis /malicious-js-logger-pack-npm-stealer on April 15 first documented this evolution and identified its second-stage payload: a binary called MicrosoftSystem64 . A week later, JFrog Research https://research.jfrog.com/post/hugging-face-exfil/ independently reported the same campaign, highlighting its novel abuse of HuggingFace as a data exfiltration channel. Despite both disclosures, the threat remains fully active over six weeks later: our live infrastructure probe on May 28 confirmed the embedded HuggingFace token was still valid, the C2 server was accepting connections, and real victims were under active surveillance. The token has since been reported to HuggingFace for revocation. MicrosoftSystem64 itself is an 81 MB stripped ELF binary with Windows and macOS variants that packages a full-featured info-stealer and remote access trojan RAT inside a Node.js v20.18.2 Single Executable Application SEA . It connects to a WebSocket C2 at 195 . 201 . 194 . 107:8010 , accepts 24 distinct remote commands, and exfiltrates stolen data to attacker-controlled HuggingFace datasets. It self-updates from a HuggingFace model repository, establishes persistence on all three major operating systems, and targets over 80 cryptocurrency wallet browser extensions, every Chromium and Firefox browser variant, Telegram Desktop sessions, SSH keys, and the system clipboard. It includes a cross-platform keylogger using native OS APIs Windows SetWindowsHookEx , macOS CGEventTap , Linux xinput / evdev and captures periodic screenshots uploaded to HuggingFace. This post provides a deep binary-level analysis of the payload’s full capabilities. The current analyzed version is 1.0.8. Impact: - Exfiltration of credentials from 15 browser families Chrome, Edge, Brave, Firefox, Opera, Vivaldi, Safari, Yandex, Chromium, CocCoc, CentBrowser, Opera GX, Chrome Beta, Chrome Canary, Edge Beta . - Theft of 80+ cryptocurrency wallet browser extension data including local storage, extension code, and wallet files. - Telegram Desktop session hijacking via tdata folder compression and upload. - SSH key exfiltration id rsa , id ed25519 , id ecdsa , known hosts , authorized keys . - Cross-platform keylogger with clipboard monitoring 1 second polling interval . - Periodic screenshot capture and upload to HuggingFace 60 second interval . - Remote command execution with shell access on all platforms. - Self-updating binary with 24-hour check interval from HuggingFace. - Persistence via Windows Scheduled Tasks, macOS LaunchAgents, Linux systemd user units and XDG autostart. Indicators of Compromise IoC : | Indicator | Value | |---|---| | Binary name | MicrosoftSystem64 Linux , MicrosoftSystem64.exe Windows , MicrosoftSystem64-darwin-x64 / MicrosoftSystem64-darwin-arm64 macOS | | SHA-256 Linux ELF | b2954c945b51dbd6fa88ac72338b7fbf76dec7d9909ceada9d36b21330842c97 | | File size | 85,134,080 bytes 81 MB | | Binary version | 1.0.8 | | Node.js version | v20.18.2 statically linked SEA | | C2 server | 195 . 201 . 194 . 107:8010 WebSocket + HTTP , Hetzner Online GmbH, DE, AS24940 | | HuggingFace binary host | hxxps://huggingface . co/jpeek998/system-releases/resolve/main | | HuggingFace exfil account | jpeek998 encrypted in binary config | | HuggingFace token encrypted | MlohU84sIc82dTpY/CgE3jdOOWD1OwnyDXYRds4bG+cUeBRH7w== | | XOR encryption key | 90, 60, 126, 18, 159, 75, 109, 138 | | Persistence unit name | MicrosoftSystem64 systemd service, LaunchAgent label com.launchkeeper.MicrosoftSystem64 , Windows scheduled task | | Install directory | ~/.local/share/MicrosoftSystem64 Linux , ~/Library/Application Support/MicrosoftSystem64 macOS , %LOCALAPPDATA%\MicrosoftSystem64 Windows | | Registration marker | .registered file with ISO timestamp in install directory | | Related npm package | js-logger-pack | Lordplay/system-releases earlier binary hosting Analysis Binary Structure: Node.js SEA as an Evasion Vector The binary is an 81 MB stripped ELF 64-bit x86-64 executable, dynamically linked against libdl , libstdc++ , libm , libgcc s , libpthread , and libc . Despite looking like a native Linux binary to file type checks, it is a Node.js Single Executable Application https://nodejs.org/api/single-executable-applications.html SEA built on Node.js v20.18.2. The SEA format bundles the full V8 engine, Node.js runtime, OpenSSL, and the malicious JavaScript into a single distributable binary. This packaging strategy gives the attacker several advantages: the payload runs without requiring Node.js on the victim machine, the JavaScript source is embedded within megabytes of V8 runtime strings making static analysis harder, and the binary presents as a native executable to endpoint monitoring tools rather than a suspicious node process. The process.title is set to MicrosoftSystem64 , so process listings show a plausible-looking Microsoft service name. Configuration and Encryption The embedded JavaScript is bundled from dist/config.js and uses a simple XOR cipher to obfuscate hardcoded configuration values. The decryption function and key are present in cleartext: The configuration block stores XOR-encrypted values alongside cleartext comments that reveal the plaintext, making deobfuscation trivial: The decoded configuration establishes: the C2 WebSocket endpoint at ws://195 . 201 . 194 . 107:8010 , a heartbeat interval of 15 seconds, a HuggingFace model repository at jpeek998/system-releases for binary updates, and a HuggingFace API token for authenticated dataset uploads. The attacker left the plaintext in comments during development and never cleaned them from the production build. C2 Communication Architecture The agent connects to the C2 server over WebSocket with automatic reconnection using exponential backoff 1 second minimum, 10 second maximum, 500 ms jitter . On connection, it sends a heartbeat message containing a unique agentId derived from the victim’s platform, username, and machine identifier: The heartbeat fires every 15 seconds configured via HB . On reconnection, the agent resumes any pending uploads that failed during previous sessions, providing resilience against network disruptions. Command and Control: 24 Remote Tasks The binary accepts 24 distinct task types from the C2 operator, making it a full remote access trojan: | Task type | Capability | |---|---| scan wallets | Enumerate and exfiltrate all crypto wallet browser extensions and standalone wallet apps | scan files | Scan filesystem for files matching attacker-specified patterns | send tdata | Compress and upload Telegram Desktop session data | download ssh | Exfiltrate SSH keys directory | exec command | Execute arbitrary shell commands PowerShell on Windows, /bin/sh on Unix | list dir | Directory listing | list drives | Enumerate mounted drives/volumes | get system info | Collect OS, CPU, RAM, network, and user details | get folder size / get multi folder size / get multi item size | Reconnaissance of file sizes | start input capture / stop input capture / get input events | Cross-platform keylogger with clipboard capture | start screenshot stream / stop screenshot stream / set screenshot stream quality | Real-time screenshot streaming to C2 | start screenshot hf upload / stop screenshot hf upload / capture screenshot hf | Periodic screenshot upload to HuggingFace 60 second intervals | clipboard get / clipboard set / get clipboard | Read and write system clipboard | upload folder hf / upload batch hf | Upload arbitrary directories to HuggingFace datasets | The exec command handler is a full remote shell. On Windows it spawns powershell.exe -NoProfile -NonInteractive -Command , on Linux/macOS it uses /bin/sh -c . It supports configurable timeouts default 60 seconds , working directory, and shell toggle: Data Exfiltration via HuggingFace The most distinctive feature of this payload is its abuse of HuggingFace as a data exfiltration backend, documented by JFrog Research https://research.jfrog.com/post/hugging-face-exfil/ . Rather than uploading stolen data directly to the C2 server which would require significant bandwidth and storage infrastructure , the agent creates private HuggingFace datasets under the attacker’s account and commits stolen files using the HuggingFace Git LFS commit API: Each victim’s data is organized into separate datasets named from the agentId and the data type e.g., scan wallets , scan files , ssh keys . The agent first ensures the dataset exists via the HuggingFace API, then uploads gzipped archives as commits. After each upload, it notifies the C2 server with metadata about the upload: This architecture offloads storage to HuggingFace’s infrastructure, making the exfiltration harder to detect HTTPS traffic to a legitimate ML platform and cheaper for the attacker to operate. The C2 server only receives lightweight notification messages while HuggingFace stores the actual stolen data. The current binary uses the HuggingFace account jpeek998 , a pivot from the earlier Lordplay account used for binary hosting in the first dropper versions. Browser Credential Theft The scanBrowserProfiles function systematically targets 15 browser families across all three operating systems. On Windows it searches %LOCALAPPDATA% and %APPDATA% , on macOS ~/Library/Application Support , and on Linux ~/.config : Windows targets: Chrome, Chrome Beta, Chrome Canary, Edge, Edge Beta, Brave, Opera, Opera GX, Vivaldi, Yandex, Chromium, CocCoc, CentBrowser, Firefox macOS targets same families plus : Safari Linux targets: Same Chromium variants plus Firefox under ~/.mozilla For each browser, the agent copies browser history files and scans for wallet extensions by matching extension directory IDs. The browser process is killed first to release database locks: Crypto Wallet Extension Theft: 80+ Extensions The binary contains a hardcoded mapping of over 80 Chromium browser extension IDs to wallet names. For each installed extension found in any browser profile, it copies both the extension code directory and its localStorage data: The complete list spans major chains: Ethereum MetaMask, Rabby, Zerion, Rainbow , Solana Phantom, Solflare, Backpack, Glow , Bitcoin UniSat, Ordinals, Xverse , Cosmos Keplr, Leap, Cosmostation , Aptos Petra, Pontem, Martian , Sui Ethos, Sui Wallet , Tezos Temple , Polkadot Polkadot.js, Talisman, SubWallet , Tron TronLink , NEAR Meteor, HERE , Stacks Leather/Hiro , XRP Crossmark , and multi-chain wallets Trust, Coinbase, OKX, Exodus, Brave, Safe/Gnosis . Each extension’s data is copied with a 100 MB per-file size cap and packed into a gzip archive for upload: Telegram Session Hijacking The handleSendTdata function targets Telegram Desktop’s tdata directory, which contains session keys that allow full account takeover without credentials. The path resolution is OS-aware: The tdata directory is compressed with gzip via packTdata and uploaded to HuggingFace with the victim’s OS, IP address, and username as metadata: SSH Key Exfiltration The download ssh task exfiltrates the entire ~/.ssh directory, targeting: Stolen SSH keys are packed and uploaded to a dedicated HuggingFace dataset named ssh keys : Cross-Platform Keylogger The keylogger is implemented natively for each platform using OS-level input capture APIs: Windows: Uses a low-level keyboard hook via SetWindowsHookEx hook ID 13 = WH KEYBOARD LL with GetAsyncKeyState for modifier detection. Compiled and injected as an inline C snippet executed through PowerShell: macOS: Uses Core Graphics CGEventTap to create a session-level event tap that listens for keyDown events: Linux: Attempts xinput test-xi2 --root first X11 input extension , falling back to raw /dev/input evdev reading with a 24-byte input event struct parser: The keylogger runs alongside a clipboard watcher that polls every second: Screenshot Capture The binary supports both on-demand and periodic screenshot capture across all platforms: Windows: Uses PowerShell with System.Windows.Forms.Screen and System.Drawing for BitBlt-based screen capture, with a fast path fallback macOS: Uses the native screencapture -x -C -t png command Linux: Tries multiple screenshot tools: gnome-screenshot , scrot , or X11-based capture with display environment detection Periodic screenshots upload to HuggingFace every 60 seconds when enabled: Persistence Mechanisms The binary establishes persistence on all three operating systems using the UNIT STEM value MicrosoftSystem64 : Windows: - Creates a scheduled task named \MicrosoftSystem64 via schtasks /create - Sets a Run registry key under HKCU\Software\Microsoft\Windows\CurrentVersion\Run macOS: - Creates a LaunchAgent plist at ~/Library/LaunchAgents/com.launchkeeper.MicrosoftSystem64.plist - Loads via launchctl bootstrap Linux: - Creates a systemd user service at ~/.config/systemd/user/MicrosoftSystem64.service - Enables via systemctl --user enable - Runs loginctl enable-linger for user-level persistence without login - Creates an XDG autostart desktop entry at ~/.config/autostart/MicrosoftSystem64.desktop The install directory is ~/.local/share/MicrosoftSystem64 on Linux, with a .registered marker file containing an ISO timestamp written on first execution. Self-Update Mechanism The binary checks for updates every 24 hours from the HuggingFace repository: The update process fetches a version file from hxxps://huggingface . co/jpeek998/system-releases/resolve/main using the embedded HuggingFace token, compares it against the current BINARY VERSION “1.0.8” , and if a newer version is available, downloads the platform-specific binary and replaces the running executable. The current binary was built against version 1.0.7 in the config but reports as 1.0.8 , suggesting the version was bumped after the config was encoded. Upload Resilience The agent includes a persistent upload queue that survives crashes and restarts. Failed uploads are saved to disk and retried on the next successful C2 connection: If the local archive file is missing on retry e.g., cleaned by antivirus , the agent re-packs the folder from the original path before retrying. Attacker Infrastructure: Live Probe 2026-05-28 We probed the attacker’s HuggingFace infrastructure on May 28, 2026. The findings confirm the exfiltration pipeline is actively operating with real victims. Account Status The attacker operates two HuggingFace accounts: | Account | Created | Purpose | Status May 28 | |---|---|---|---| Lordplay | 2025-11-24 | Binary hosting system-releases repo | Account active, repo disabled by HuggingFace file downloads return 401 . 7 public “football pose detection” models used as cover. | jpeek998 | 2026-05-15 | Data exfiltration private datasets | Fully active. Display name “Jlob”, no public repos. | The Lordplay/system-releases repo metadata is still readable. It lists all four platform binaries MicrosoftSystem64-linux at 85 MB, -win.exe at 67 MB, -darwin-x64 at 87 MB, -darwin-arm64 at 84 MB and a version.txt , last modified May 18. HuggingFace disabled file access but did not remove the repo or the account. The jpeek998 account was created on May 15, 13 days after the Lordplay repo was disabled, as a replacement exfiltration endpoint. The HuggingFace API token embedded in the binary redacted; reported to HuggingFace for revocation authenticated successfully as jpeek998 with read/write access to private datasets at the time of our probe. Active Victim Data Using the embedded token, we enumerated three private datasets under jpeek998 containing exfiltrated data from two active victims: | Dataset | Victim | Type | Files | Time range UTC | Size | |---|---|---|---|---|---| jpeek998/linux ubuntu f083ccb52684 | Linux Ubuntu | Screenshots base64 PNG in JSON | 323 | May 27 23:51 to May 28 05:14 | ~167 MB | jpeek998/win wulin e8bc41d9aca8 | Windows user wulin | Screenshots base64 PNG in JSON | 94 | May 28 03:41 to May 28 05:14 | ~16 MB | jpeek998/win wulin e8bc41d9aca8 scan files | Windows user wulin | Stolen credential files gzip | 1 | May 28 03:43 | 500 MB | The screenshots are captured every 60 seconds and uploaded as JSON files containing a screenshot key with base64-encoded PNG data. We downloaded and decoded all 417 screenshots from both datasets. The following images are actual exfiltrated screenshots recovered from the attacker’s HuggingFace datasets, shown here as evidence of the active surveillance operation. The Linux victim’s desktop shows a crypto trading terminal MT5 connected to Binance EUR/BTC , Python scripts, and Polymarket bot notifications: The Windows victim’s desktop shows ChatGPT, a JoinQuant algorithmic trading platform, and VS Code with multiple browser tabs open to cryptocurrency exchanges: A later capture of the same Windows victim shows them browsing JoinQuant’s strategy backtesting interface with active trading algorithms: Both victims are cryptocurrency traders, which aligns with the payload’s focus on stealing wallet extensions and browser credentials. The attacker is watching their screens in near real-time while simultaneously exfiltrating their credential databases. Stolen Data Contents The 500 MB credential archive from the Windows victim wulin uses a custom binary packing format not standard tar/zip . String extraction reveals 1,097 credential files stolen from the machine, organized by a numeric index with sanitized path names. Data stolen from user wulin C: drive : - SSH keys: id rsa , id rsa.pub , known hosts , known hosts.old - Chrome Login Data, Cookies, Web Data, History, Bookmarks Default and Profile 2 - Edge Login Data, Cookies, Web Data, History - Chrome and Edge Local State files contain DPAPI-encrypted master keys - Claude Desktop app data Claude-3p/Local State , Crashpad settings - NVIDIA app embedded browser credentials - Various Electron app credential stores Data stolen from user Nicolas D: drive, second user profile or mapped drive : - WeChat xwechat session data, history, and web data across multiple profiles - HuaYoungBrowser anti-detect browser Login Data, Cookies, and History from multiple shop profiles shop IDs 327099334275079 , 331362951237637 , 335250269933673 , 335269886693379 , 339596858634247 - Remote Desktop connection files .rdp - Todoist app credentials - Telegram data The presence of HuaYoungBrowser shop profiles suggests the victim may be running an e-commerce operation with multiple store accounts. The stealer harvested credentials from every Chromium-based application on both user profiles across two drives. Dataset Naming Convention The agent constructs dataset names from the victim’s agentId derived from platform username machineId and the scan type: Each dataset is created as a private HuggingFace dataset via POST hxxps://huggingface . co/api/repos/create . Files are uploaded as Git LFS commits using NDJSON-formatted commit operations. After each upload, the agent notifies the C2 at hxxp://195 . 201 . 194 . 107:8010/api/validate/hf-upload-complete with upload metadata so the operator knows which dataset to pull. Attribution: The toskypi / jpeek Cluster Cross-referencing the attacker identifiers embedded in this binary with public threat intelligence reveals a broader campaign spanning multiple npm packages, HuggingFace accounts, and at least three months of activity. Identity Cluster The SSH key comment bink@DESKTOP-N8JGD6T leaked in js-logger-pack v1.1.5 is the strongest forensic anchor. JFrog Research https://research.jfrog.com/post/hugging-face-exfil/ traced this to a GitHub identity ptc-bink and a web persona whisdev , with copilot-ai.whisdev.org serving as a secondary hostname on the same C2 IP 195 . 201 . 194 . 107 . The npm publisher account jpeek868 email declared email protected /cdn-cgi/l/email-protection toskypi as the package author, a name that appears independently in kmsec.uk’s Contagious Trader campaign report https://kmsec.uk/blog/contagious-trader/ under the email . email protected /cdn-cgi/l/email-protection The jpeek namespace rotates numerically: jpeek868 , jpeek886 , jpeek895 are all linked npm accounts sharing the same Lordplay/system-releases HuggingFace infrastructure for binary staging. Additional associated npm accounts include pvnd3540749 and yggedd817513 . | Alias | Platform | Role | |---|---|---| jpeek868 / jpeek886 / jpeek895 | npm | Package publishers rotated after takedowns | toskypi | npm author field | Persistent author identity across campaigns | Lordplay | HuggingFace | Binary staging system-releases , disabled by HF | jpeek998 “Jlob” | HuggingFace | Active exfiltration endpoint created 2026-05-15 | whisdev / ptcbink | HuggingFace, GitHub | Linked persona, C2 hostname copilot-ai.whisdev.org | bink@DESKTOP-N8JGD6T | SSH key leaked | Attacker’s development machine | snipmaxi | Telegram | Linked handle | Attributed Malicious Packages The same actor or closely coordinated group published at least seven malicious npm packages: | Package | Account | Date | Mechanism | |---|---|---|---| polymarket-validator | toskypi | Feb 2026 | Exfil to sha256-validate-rpc.vercel . app | changelog-logger-utilities | toskypi | Mar 15, 2026 | Exfil to changelog . rest | js-logger-pack | jpeek868 / toskypi | Apr 1-20, 2026 | WebSocket stealer, then HF binary dropper | terminal-logger-utils | jpeek895 cluster | May 20-21, 2026 | RC4/XOR obfuscated MicrosoftSystem64 dropper | ts-logger-pack | linked | Apr 1 / May 20, 2026 | Dependency proxy to terminal-logger-utils | pretty-logger-utils | jpeek895 cluster | May 2026 | Same dropper infrastructure | pinno-loggers | jpeek895 cluster | May 2026 | Same dropper infrastructure | The February and March packages polymarket-validator , changelog-logger-utilities belong to the Contagious Trader campaign https://kmsec.uk/blog/contagious-trader/ targeting cryptocurrency trading bot developers. The April pivot to js-logger-pack introduced the HuggingFace exfiltration channel. After npm took down js-logger-pack on April 22, the May packages terminal-logger-utils and its dependents continued distributing MicrosoftSystem64 under fresh accounts, demonstrating rapid account rotation and operational resilience. Campaign Lineage kmsec.uk https://kmsec.uk/blog/contagious-trader/ and OX Security https://www.ox.security/blog/north-korean-npm-infostealer-rat/ independently attribute this cluster to FAMOUS CHOLLIMA also tracked as Contagious Interview , a DPRK-linked threat actor group known for targeting developers through poisoned npm packages, fake job interviews, and trojanized trading tools. The toskypi identity appears alongside approximately 20 other npm accounts in the Contagious Trader report, and kmsec.uk linked jpeek895 to the earlier BigSquatRat campaign https://kmsec.uk/blog/js-malware-bigmathix/ bigmathix , bigmathutils , axios-net from January 2026. The operational pattern is consistent: purpose-built throwaway npm accounts, cryptocurrency/developer tooling as lures, credential theft with a focus on crypto wallets, and infrastructure pivoting after disclosure. What distinguishes this particular iteration is the adoption of HuggingFace as both a binary CDN and exfiltration backend, a technique that makes network-level detection significantly harder since all traffic appears as authenticated HTTPS requests to a legitimate ML platform. Conclusion MicrosoftSystem64 is a well-engineered, multi-platform RAT that leverages HuggingFace as both a binary distribution CDN and a data exfiltration backend. The abuse of a legitimate ML platform for command-and-control infrastructure makes network-level detection challenging: all exfiltration traffic appears as authenticated HTTPS requests to huggingface.co . The 24-task C2 protocol, cross-platform keylogger, 80+ wallet extension targets, and persistent self-update loop make this a comprehensive credential theft platform operating in the open source supply chain. Our live probe of the attacker’s infrastructure on May 28, 2026 confirmed this is not a theoretical threat: the exfiltration pipeline was actively operating, the embedded HuggingFace token was still valid, and real victims were being surveilled with screenshots captured every 60 seconds and hundreds of credential files exfiltrated. The attacker has already pivoted accounts once from Lordplay to jpeek998 after the first repo was disabled, demonstrating operational resilience. Organizations that installed js-logger-pack , terminal-logger-utils , ts-logger-pack , pretty-logger-utils , pinno-loggers , or any other package from the jpeek / toskypi cluster should treat it as a full compromise: rotate all credentials, SSH keys, API tokens, and crypto wallet seed phrases on affected machines. The actor’s pattern of rapid account rotation after takedowns means new package names distributing the same MicrosoftSystem64 binary should be expected. To detect this payload in your dependency tree before it executes, scan your projects with vet https://github.com/safedep/vet . References JFrog Research: Data Exfiltration via Hugging Face https://research.jfrog.com/post/hugging-face-exfil/ SafeDep: Malicious npm Package js-logger-pack Ships a Multi-Platform WebSocket Stealer /malicious-js-logger-pack-npm-stealer OX Security: North Korean-Linked Threat Actor Targets Developers with New npm Infostealer RAT https://www.ox.security/blog/north-korean-npm-infostealer-rat/ kmsec.uk: Contagious Trader Campaign https://kmsec.uk/blog/contagious-trader/ kmsec.uk: BigSquatRat Campaign bigmathix https://kmsec.uk/blog/js-malware-bigmathix/ kmsec.uk: DPRK npm Research Feed https://dprk-research.kmsec.uk/ Node.js Single Executable Applications documentation https://nodejs.org/api/single-executable-applications.html - vet - malware - npm - supply-chain - stealer - crypto - huggingface - rat Author SafeDep Team safedep.io Share The Latest from SafeDep blogs Follow for the latest updates and insights on open source security & engineering 141 npm Packages Abuse Registry as Adware Hosting /malicious-npm-terminal3airport-proxy-adware-spam npm account terminal3airport published 141 packages containing a web proxy unblocker disguised as tutoring websites. The packages load popunder ads, external monetization scripts, and Google... Megalodon: Mass GitHub Repo Backdooring via CI Workflows /megalodon-mass-github-repo-backdooring-ci-workflows Over 5,700 malicious commits were pushed to GitHub repositories on May 18, 2026, replacing GitHub Actions workflows with base64-encoded secret exfiltration payloads. The "megalodon" campaign targeted... forge-jsxy: 22 Versions of an Actively Developed npm RAT /malicious-forge-jsxy-npm-rat-evolution forge-jsxy picked up where the taken-down forge-jsx left off, publishing 22 versions over 22 days. Each release added new capabilities: crypto wallet scanning, Chromium extension theft, WebRTC data... Polymarket npm Packages Steal Crypto Wallet Keys /malicious-polymarket-npm-crypto-wallet-drainer Nine coordinated npm packages target Polymarket traders with a social-engineered postinstall prompt that exfiltrates raw private keys to a Cloudflare Worker. The attacker published all packages... Ship Code. Not Malware. Start free with open source tools on your machine. Scale to a unified platform for your organization.