A recently discovered npm package, known as js-logger-pack, has covertly transformed Hugging Face, a well-respected AI model hosting service, into a platform for malware distribution and data exfiltration. This incident highlights a new tactic in cyber attacks, where legitimate cloud services are misused to execute supply chain attacks while masking malicious activities.
Stealthy Attack Methodology
The npm package initially appeared innocuous, as it loaded a seemingly legitimate logger upon installation. However, the real threat was embedded within a postinstall script, which initiated a concealed background process. This allowed the npm installation to complete without raising suspicion, while a hidden downloader continued to operate.
Once executed, the script downloaded one of four malicious binaries, chosen according to the operating system, from a public repository on Hugging Face controlled by an entity identified as Lordplay/system-releases. Security analysts from JFrog extracted and examined the JavaScript payloads hidden within these binaries, confirming that the same malicious code was used across all platforms.
Persistence and Exfiltration Techniques
After deployment, the malware ensured its persistence using native platform methods such as scheduled tasks on Windows, LaunchAgents on macOS, and systemd user units on Linux. It then began transmitting system information to a pre-configured command-and-control server through a WebSocket connection. This server facilitated remote access for data manipulation and further payload deployment.
Remarkably, the campaign’s exfiltration strategy employed Hugging Face’s infrastructure for storing stolen data. Instead of using private servers, the attacker stored extracted data in private datasets on Hugging Face, minimizing direct server exposure and complicating detection efforts.
Strategic Advantages for Attackers
Utilizing Hugging Face for data storage presented significant operational benefits for the attackers. It reduced the need for direct server data storage, thereby lowering exposure risks. The malware was designed to manage uploads efficiently, ensuring no data was lost even if connectivity issues occurred.
Additionally, the malware had capabilities to disrupt user sessions by killing browser processes and clearing credentials, thereby facilitating keylogging. Any credentials entered post-logout could be quickly captured and sent to the attacker’s datasets.
Preventive Measures and Recommendations
To mitigate the threat, immediately rotate all sensitive credentials, including AWS keys, SSH keys, npm tokens, and database passwords. Removing persistence mechanisms, such as scheduled tasks and registry keys, is also essential. Clearing the npm cache and disabling postinstall scripts with the command "npm config set ignore-scripts true" can prevent further malicious installations, because lifecycle scripts such as postinstall no longer run automatically during an install.
Systems that have run the js-logger-pack package should be treated as fully compromised until all secrets are rotated and persistence artifacts are removed. It is vital to carefully review all dependency changes to prevent similar incidents in the future.
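One way to support the dependency review recommended above is to audit the lockfile for the package named in this article and for any dependency that declares install-time scripts. This is an added example, not code from the original article or from JFrog; it assumes a package-lock.json in lockfileVersion 2 or 3 format (a "packages" map with the hasInstallScript field), and the function names and sample lockfile are constructed for illustration.

```javascript
// Added example: audit package-lock.json data (lockfileVersion 2 or 3) for the
// package named in this article and for dependencies that run install scripts.
const FLAGGED = new Set(["js-logger-pack"]); // name taken from the article

// Derive the package name from a lockfile "packages" key such as
// "node_modules/a/node_modules/@scope/b" -> "@scope/b".
function nameFromPath(path) {
  const marker = "node_modules/";
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? path : path.slice(idx + marker.length);
}

function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry, not a dependency
    const name = meta.name || nameFromPath(path);
    if (FLAGGED.has(name)) {
      findings.push({ severity: "critical", name, version: meta.version, path,
        reason: "package named in this advisory" });
    } else if (meta.hasInstallScript === true) {
      findings.push({ severity: "review", name, version: meta.version, path,
        reason: "declares preinstall/install/postinstall script" });
    }
  }
  // "critical" sorts before "review", so advisory hits are listed first.
  return findings.sort((a, b) => a.severity.localeCompare(b.severity));
}

// Constructed sample lockfile: versions and the other package names are made up.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-util": { version: "2.1.0" },
    "node_modules/native-addon": { version: "4.0.2", hasInstallScript: true },
    "node_modules/left-util/node_modules/js-logger-pack":
      { version: "0.0.0-sample", hasInstallScript: true },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`[${f.severity}] ${f.name}@${f.version} (${f.path}): ${f.reason}`);
}
```

In a real project, pass the parsed contents of package-lock.json to auditLockfile and examine every "review" entry that appears in a dependency change before installing with scripts enabled.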
