A sophisticated malware named MicrosoftSystem64 has been identified, utilizing the AI platform HuggingFace to exfiltrate data from compromised systems globally. This malicious software masquerades as a legitimate Microsoft process, complicating detection by security solutions and showcasing a novel method of data theft through reputable infrastructures.
Malicious Entry via npm Packages
The initial attack vector is a compromised npm package known as js-logger-pack, which evolved through 29 iterations since April 2026, becoming a full-fledged malware dropper. Once a developer unknowingly installs this package, it discreetly downloads MicrosoftSystem64, an 81 MB executable compatible with Windows, Linux, and macOS, without requiring additional software.
This malware subsequently connects to a command server, initiating data harvesting and embedding itself into the system, ensuring persistence across reboots.
Exfiltration Through HuggingFace
Research from SafeDep, corroborated by JFrog Research, reveals that MicrosoftSystem64 utilizes HuggingFace for both hosting binaries and exfiltrating data. Despite public disclosures, the malware remained operational as of late May 2026, actively compromising systems.
This remote access trojan can extract credentials from numerous browser families, access over 80 cryptocurrency wallet extensions, hijack Telegram sessions, copy SSH keys, and continuously log keystrokes and screenshots. The stolen data is uploaded to private datasets on HuggingFace, making the traffic appear as legitimate HTTPS requests.
Attribution and Continued Risks
Attribution points to a threat group linked to North Korea, known as Contagious Interview, which targets developers via fake job interviews and altered open-source packages. Various npm accounts, such as js-logger-pack and terminal-logger-utils, were utilized in this campaign.
Developers using packages from the jpeek or toskypi clusters are advised to consider their systems compromised and to promptly rotate all credentials. The malware’s reliance on HuggingFace’s API for data uploads means that each victim’s data is organized in separate private datasets, with the malware updating itself via the platform every 24 hours.
The infection spreads through the open-source supply chain, exploiting npm packages disguised as standard utilities. Once installed, the malware achieves persistence using platform-specific tools such as scheduled tasks on Windows, LaunchAgents on macOS, and systemd services on Linux. It mimics legitimate Microsoft services to evade detection.
Security Recommendations and Future Outlook
Security teams are urged to scrutinize all project dependencies for links to the jpeek or toskypi clusters, isolate compromised machines, and change all related credentials, including API tokens and cryptocurrency wallet seeds, without delay.
This incident underscores the need for enhanced vigilance in managing open-source dependencies. As the threat landscape evolves, leveraging trusted platforms for malicious purposes could become increasingly common, demanding robust security measures and continuous monitoring.
