Beyond the CDN: How the js-logger-pack Supply Chain Attack Weaponizes Hugging Face for Data Exfiltration
In a sophisticated evolution of supply-chain tactics, the malicious npm package js-logger-pack has transitioned from using Hugging Face as a simple malware repository to utilizing it as a dynamic, live exfiltration backend. By repurposing a premier AI platform, the attackers have built a full-featured, cross-platform implant chain that leverages the inherent trust associated with popular developer ecosystems.
While earlier iterations of this campaign utilized Hugging Face primarily as a static hosting point for malicious binaries, the latest builds represent a significant step up in operational complexity. The malware now pushes stolen victim data directly into private Hugging Face datasets controlled by the adversary, effectively turning a machine learning powerhouse into their own distributed storage and command-and-control (C2) infrastructure.
The result is a textbook supply-chain attack: a seemingly innocuous logging utility—designed to blend into the daily workflows of software engineers—is actually a potent combination of an infostealer, keylogger, and remote access trojan (RAT).
Upon inspection, js-logger-pack presents a deceptive exterior. The dist/index.js file contains a plausible, benign-looking logger implementation that rarely triggers red flags during casual code reviews. However, the true danger lies in the package configuration and secondary execution stages.
Recent iterations of the package, specifically version 1.1.27, are engineered to download a binary dubbed MicrosoftSystem64. This binary is pulled from the public Hugging Face repository Lordplay/system-releases and executed as a second-stage payload.
The execution vector is cleverly hidden within the package.json file. A postinstall hook is used to silently execute node print.cjs during the standard npm install process. To avoid suspicion, the script immediately backgrounds itself, allowing the installation to report a successful completion to the user while the malicious downloader continues to run undetected in the background.
The print.cjs script performs a platform-aware fetch from the Lordplay repository, downloading one of four distinct MicrosoftSystem64 binaries tailored to the victim’s architecture: Windows (PE), macOS Intel/ARM (Mach-O), or Linux (ELF). Interestingly, these are not separate malware families; rather, they are the same core cross-platform implant wrapped in Node.js Single Executable Application (SEA) containers, utilizing an identical embedded JavaScript bundle across all operating systems.
Implant Capabilities and Command & Control
Once the implant successfully initializes, it immediately works to establish persistence. It utilizes platform-native mechanisms such as Scheduled Tasks or Run keys on Windows, LaunchAgents on macOS, and systemd or XDG autostart on Linux. It then establishes a connection to a hard-coded C2 controller at 195[.]201[.]194[.]107:8010 using a combination of WebSocket and HTTP protocols.

The implant’s baseline capabilities include keystroke logging, clipboard monitoring, and recursive scanning for sensitive files and credentials. Beyond simple data theft, it exposes a robust task protocol that allows a remote operator to:
- List, read, create, or delete files/directories.
- Scan specifically for cryptocurrency wallets and credential stores.
- Exfiltrate sensitive directory data, such as Telegram Desktop information.
- Deploy additional arbitrary binaries or update itself on demand.
A critical security flaw in the implant’s design is its lack of sandboxing; file operations accept absolute, UNC, and drive-letter paths, granting the attacker virtually unrestricted access to any data reachable by the compromised user.

The dual role of Hugging Face in this operation is particularly notable. It serves as both the distribution hub for the MicrosoftSystem64 binaries and the exfiltration destination. The malware periodically polls a version.txt file within the Lordplay repository to check for updates. If a new version is detected, it downloads and restarts the process without performing any cryptographic signature or checksum verification.

Lordplay identity break (Source : JFrog).For large-scale data theft, the attacker can trigger an upload_folder_hf command. This instructs the implant to archive target directories into gzip format and upload them to a private dataset on Hugging Face. The dataset name is dynamically derived from the victim’s agentId and path. By leveraging the embedded Hugging Face client library, the attacker can maintain upload states that resume after reconnections, ensuring they can exfiltrate large amounts of data without needing to host it on their own potentially fragile C2 server.
Cross-Platform Keylogging and Attribution Intelligence
The cross-platform efficacy of the implant stems from its hybrid architecture. While the core logic is JavaScript, it invokes native helpers to ensure high-fidelity data capture. On Windows, it compiles C# code via PowerShell; on macOS, it generates temporary Swift programs; and on Linux, it leverages X11 tooling or direct /dev/input access. This allows the malware to bypass many standard user-space limitations.
Open-source intelligence (OSINT) regarding the Lordplay namespace reveals a calculated attempt at impersonation. While older, benign repositories under this identity appear consistent, the malicious system-releases repository utilizes an author string that mimics a real engineering executive. This “identity break” is likely intended to lend a veneer of legitimacy to the repository during superficial audits.
While forensic evidence shows overlaps with the whisdev / snipmaxi / jrodacooker.dev infrastructure clusters, a definitive attribution to a specific threat actor remains ongoing.
Immediate Remediation Steps:
Any environment that has interacted with js-logger-pack or observed MicrosoftSystem64 activity must be considered fully compromised. This includes developer workstations and CI/CD runners. Defenders should immediately:
- Rotate all secrets: Assume all credentials, API keys, and tokens on affected hosts are compromised.
- Eradicate Persistence: Remove scheduled tasks, Run keys, LaunchAgents, and
systemdartifacts. - Cleanse Dependencies: Purge the malicious npm package and all associated
package-lock.jsonfiles. - Harden Installation: Reinstall dependencies in a controlled environment with script execution disabled by default (e.g., using
npm install --ignore-scripts).