Compromised npm Packages Abuse Hugging Face as Exfiltration Infrastructure

Malicious packages utils-terminal and logger-active deploy MicrosoftSystem64 RAT targeting developers and crypto wallets

Microsoft Threat Intelligence has warned that two compromised npm packages, utils-terminal@3.2.1 and logger-active@3.2.1, are being used to deploy a remote access trojan known as MicrosoftSystem64. The campaign is notable because it abuses Hugging Face infrastructure not only as a trusted-looking delivery channel, but also as an exfiltration endpoint for stolen victim data.

The discovery highlights a growing pattern in software supply-chain attacks: threat actors are increasingly hiding malicious activity behind legitimate developer and AI platforms that are often allowed through corporate network controls.

What happened?

The compromised npm packages were published under the npm user hexalpha10, with the author listed as toskypi. Once installed, the packages deploy a malicious payload identified as MicrosoftSystem64, a cross-platform remote access trojan.

The malware is designed to give attackers persistent access to infected systems and to collect sensitive information from developer machines. Reported capabilities include:

  • Keystroke logging
  • Screenshot capture
  • Theft of cryptocurrency wallet credentials
  • Browser and credential harvesting
  • Communication with attacker-controlled command-and-control servers
  • Exfiltration of collected data through Hugging Face API endpoints

This makes the campaign especially dangerous for developers, build systems, crypto users, and organizations that allow unrestricted outbound access to AI and machine learning platforms.

Why Hugging Face abuse matters

Hugging Face is widely used by developers, researchers, and AI teams to host models, datasets, and related tooling. Because of this, traffic to huggingface.co may be considered normal in environments that work with machine learning workloads.

The attacker appears to take advantage of that trust. Instead of relying only on obviously suspicious infrastructure, the malware uses huggingface.co/api as part of its exfiltration flow. In organizations where Hugging Face traffic is broadly allowed, this may help the activity blend into normal developer or AI-related traffic.

Defenders should treat unexpected calls to huggingface.co/api from non-ML workloads, developer workstations, CI runners, or servers with no legitimate AI function as suspicious.

Malware behavior

The deployed payload, MicrosoftSystem64, attempts to establish persistence and maintain attacker access across multiple operating systems.

On Windows, reported persistence mechanisms include:

  • Registry Run key:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MicrosoftSystem64
  • Scheduled task:
    \MicrosoftSystem64

On Linux, persistence may be created through a systemd service named:

  • MicrosoftSystem64.service

The malware also stores payload-related files under a directory path associated with:

  • MicrosoftSystem64/payload.js

Once active, the RAT communicates with attacker-controlled infrastructure and can capture sensitive user activity. The combination of keystroke logging, screenshot capture, and crypto wallet targeting makes this campaign a high-risk compromise scenario.

Indicators of Compromise

npm indicators

  • npm user: hexalpha10
  • Author: toskypi
  • Package: utils-terminal@3.2.1
  • Package: logger-active@3.2.1

Network indicators

  • 195.201.194[.]107:8010
  • c2-toskypi.onrender[.]com
  • huggingface[.]co/api

Host indicators

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MicrosoftSystem64
  • MicrosoftSystem64.service
  • \MicrosoftSystem64
  • MicrosoftSystem64/payload.js

Recommended actions

Organizations should immediately review environments where the affected packages may have been installed.

Recommended response steps:

  1. Search package manifests, lockfiles, local npm caches, CI logs, and build artifacts for utils-terminal@3.2.1 and logger-active@3.2.1.
  2. Treat any system that installed one of these packages as potentially compromised.
  3. Remove the packages and rebuild affected environments from trusted sources.
  4. Hunt for MicrosoftSystem64 persistence artifacts across Windows and Linux systems.
  5. Review outbound traffic for connections to 195.201.194[.]107:8010, c2-toskypi.onrender[.]com, and suspicious huggingface.co/api activity.
  6. Rotate credentials, API tokens, SSH keys, npm tokens, browser-stored secrets, and cryptocurrency wallet credentials exposed on affected hosts.
  7. Review CI/CD runners and developer workstations for unexpected post-install script execution.
  8. Restrict or monitor package install scripts where possible, especially in automated build environments.
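
Step 1 as an added example (not code from the article or from the vendors it cites): a Node.js function that checks a parsed package-lock.json for the two listed versions, covering both the flat packages map of lockfile v2/v3 and the nested v1 tree. The sample lockfile, the names demo-app and some-cli, and the 3.2.0 entry are constructed for illustration.

```javascript
// Added example. Names/versions are the ones listed on this page; sample data is constructed.
const BAD = new Map([
  ["utils-terminal", new Set(["3.2.1"])],
  ["logger-active", new Set(["3.2.1"])],
]);

// v2/v3 keys look like "node_modules/a/node_modules/b"; the package name is
// whatever follows the last "node_modules/" (this also keeps "@scope/name").
function nameFromPath(p) {
  const marker = "node_modules/";
  const i = p.lastIndexOf(marker);
  return i === -1 ? p : p.slice(i + marker.length);
}

function findCompromised(lock) {
  const hits = [];
  const check = (name, version, where) => {
    if (BAD.has(name) && BAD.get(name).has(version)) hits.push({ name, version, where });
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path ("" is the root project).
    // meta.name is set when the folder name differs from the package (npm aliases).
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path !== "") check(meta.name || nameFromPath(path), meta.version, path);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree, so walk it recursively.
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        check(name, meta.version, [...trail, name].join(" > "));
        walk(meta.dependencies, [...trail, name]);
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed lockfile: a direct hit, a transitive hit, and a version of
// utils-terminal that this page does not list (must not be reported).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/logger-active": { version: "3.2.1" },
    "node_modules/utils-terminal": { version: "3.2.0" },
    "node_modules/some-cli/node_modules/utils-terminal": { version: "3.2.1" },
  },
};
console.log(findCompromised(sampleLock));
```

Run it over the JSON.parse output of every package-lock.json on developer machines and CI workspaces; yarn.lock and pnpm-lock.yaml use different formats and need their own parsers.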

Detection ideas

Security teams can create detections around the following behaviors:

  • npm install activity followed by execution of unknown JavaScript payloads
  • Creation of MicrosoftSystem64 persistence entries
  • WebSocket traffic to 195.201.194[.]107:8010
  • HTTP traffic to c2-toskypi.onrender[.]com
  • Non-ML systems making API calls to huggingface.co/api
  • New scheduled tasks or systemd services using Microsoft-themed names on non-standard paths
  • Developer machines initiating unusual outbound connections shortly after npm package installation

Supply-chain lesson

This campaign is another reminder that npm package risk is not limited to obvious typosquatting or abandoned projects. Even packages that look like simple developer utilities can execute code during installation, deploy cross-platform payloads, and abuse trusted SaaS platforms for command-and-control or exfiltration.

For defenders, the key takeaway is visibility. Package installs, post-install scripts, outbound developer workstation traffic, and CI/CD egress should be monitored together. A suspicious package name alone may not tell the full story, but package installation followed by persistence creation and unusual API traffic is a strong signal of compromise.
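
The correlation described above, together with the behaviors listed under "Detection ideas", as an added example (not code from the article or its sources): a per-host correlator that raises a finding only when an npm install is followed within a time window by persistence creation, traffic to a listed C2, or Hugging Face API calls from a host with no ML role. The event schema, the ML_HOSTS inventory tag, the 10-minute window, host names and example-pkg are assumptions; the IoCs are the ones on this page.

```javascript
// Added example; event schema, ML_HOSTS tag and 10-minute window are assumptions.
const refang = (s) => s.replace(/\[\.\]/g, ".");
// IoCs copied from this page in defanged form and refanged only for matching.
const C2 = ["195.201.194[.]107:8010", "c2-toskypi.onrender[.]com"].map(refang);
const HF_API = refang("huggingface[.]co/api");
const WINDOW_MS = 10 * 60 * 1000;

function signalFor(ev, mlHosts) {
  if (ev.type === "persist") return /MicrosoftSystem64/.test(ev.target) ? "persistence" : null;
  if (ev.type !== "egress") return null;
  const host = ev.dest.split(":")[0];
  if (C2.includes(ev.dest) || C2.includes(host)) return "known-c2";
  // Hugging Face API traffic only counts when the host has no ML role.
  if ((host + ev.path).startsWith(HF_API) && !mlHosts.has(ev.host)) return "hf-api-non-ml";
  return null;
}

function correlate(events, mlHosts) {
  const lastInstall = new Map(); // host -> most recent npm install event
  const findings = new Map();    // host -> { host, pkg, signals }
  for (const ev of [...events].sort((a, b) => a.ts - b.ts)) {
    if (ev.type === "npm_install") { lastInstall.set(ev.host, ev); continue; }
    const inst = lastInstall.get(ev.host);
    if (!inst || ev.ts - inst.ts > WINDOW_MS) continue; // no recent install
    const sig = signalFor(ev, mlHosts);
    if (!sig) continue;
    if (!findings.has(ev.host)) findings.set(ev.host, { host: ev.host, pkg: inst.pkg, signals: new Set() });
    findings.get(ev.host).signals.add(sig);
  }
  return [...findings.values()].map((f) => ({
    host: f.host, pkg: f.pkg, signals: [...f.signals],
    // Persistence or a listed C2 after an install is high; HF API alone needs review.
    severity: f.signals.has("persistence") || f.signals.has("known-c2") ? "high" : "review",
  }));
}

// Constructed telemetry (timestamps in ms); host names and paths are made up.
const ML_HOSTS = new Set(["ml-train-02"]);
const sampleEvents = [
  { ts: 0, host: "dev-07", type: "npm_install", pkg: "logger-active@3.2.1" },
  { ts: 5000, host: "ci-11", type: "npm_install", pkg: "example-pkg@1.0.0" },
  { ts: 6000, host: "ml-train-02", type: "npm_install", pkg: "example-pkg@1.0.0" },
  { ts: 30000, host: "dev-07", type: "persist", target: "MicrosoftSystem64.service" },
  { ts: 40000, host: "ci-11", type: "egress", dest: "huggingface.co:443", path: "/api/example" },
  { ts: 50000, host: "ml-train-02", type: "egress", dest: "huggingface.co:443", path: "/api/example" },
  { ts: 60000, host: "dev-07", type: "egress", dest: C2[0], path: "/" },
  { ts: 70000, host: "dev-09", type: "egress", dest: "huggingface.co:443", path: "/api/example" },
];
console.log(correlate(sampleEvents, ML_HOSTS));
```

The ML host and the host with no preceding install produce no finding, which is the point of correlating instead of alerting on huggingface.co traffic alone.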

Conclusion

The compromised utils-terminal@3.2.1 and logger-active@3.2.1 packages demonstrate how software supply-chain attacks continue to evolve. By combining npm package abuse, a capable RAT, crypto wallet theft, and Hugging Face-based exfiltration, the attackers created a campaign that targets both developers and the trusted platforms they use every day.

Organizations should hunt for the listed IOCs, investigate any unexpected Hugging Face API traffic, and treat affected systems as compromised until they have been fully rebuilt and their credentials rotated.

Sources

  • Microsoft Threat Intelligence — disclosure on compromised npm packages utils-terminal@3.2.1 and logger-active@3.2.1 abusing Hugging Face as exfiltration infrastructure.
  • JFrog Research — analysis of malicious npm activity abusing Hugging Face for malware delivery and stolen-data storage.
  • SafeDep Research — technical analysis of the MicrosoftSystem64 supply-chain RAT payload.
