今日已更新 353 条资讯 | 累计 21219 条内容
关于我们

Someone hid a full RAT inside a fake npm package and exfiltrated victim data to HuggingFace

/u/BattleRemote3157 2026年05月29日 17:34 3 次阅读 来源:Reddit r/programming

A malicious npm package name js-logger-pack , went through 29 versions on the registry which was looking innocuous logger and ending as a binary dropper. The payload it dropped was 81 MB of binary called MicrosoftSystem64 which is a full cross-platform RAT packaged as a Node.js Single Executable Application, so it shows up as a native binary to endpoint tools rather than a node process. And the clever bit was instead of sending the stolen data directly to a C2 server, it uploads everything to private HuggingFace datasets using an embedded API token. So all exfiltration traffic appears as normal HTTPS requests to a legitimate ML platform. If you have any of those in your install history then rotate everything like credentials, SSH keys, API tokens, crypto seed phrases. All packages list and full technical breakdown is in blog. submitted by /u/BattleRemote3157 [link] [留言]

本文内容来源于互联网,版权归原作者所有
查看原文