Mallory
Malware

js-logger-pack


MITRE ATT&CK

Techniques & procedures

17 distinct techniques documented for this family, organized by ATT&CK tactic.

Initial Access

1 technique
T1195 Supply Chain Compromise (2 evidence items)

js-logger-pack@1.1.27 is a thin but effective supply-chain dropper, creatively abusing Hugging Face as a CDN and an exfiltration backend.

Execution

4 techniques
T1053 Scheduled Task/Job (1 evidence item)

Once deployed, the implant established persistence through platform-native methods: scheduled tasks and registry Run keys on Windows, LaunchAgent entries on macOS, and systemd user units on Linux.

T1059 Command and Scripting Interpreter (1 evidence item)

The actual trigger is the postinstall script declared in package.json: "scripts": { "postinstall": "node print.cjs" }. print.cjs backgrounds itself into a detached Node child, so npm install exits normally while the downloader keeps running.

T1059.007 JavaScript (2 evidence items)

The malicious logic lives entirely inside the injected JavaScript bundle.

T1204.002 Malicious File (1 evidence item)

When developers installed it, a plausible but benign logger loaded into their project, masking the real threat. The actual attack started through a postinstall script that ran automatically during installation.

Persistence

4 techniques
T1053 Scheduled Task/Job (1 evidence item)
T1543.001 Launch Agent (1 evidence item)
T1543.002 Systemd Service (1 evidence item)
T1547.001 Registry Run Keys / Startup Folder (1 evidence item)

All four map to the same evidence: Once deployed, the implant established persistence through platform-native methods: scheduled tasks and registry Run keys on Windows, LaunchAgent entries on macOS, and systemd user units on Linux.

Privilege Escalation

4 techniques
T1053 Scheduled Task/Job (1 evidence item)
T1543.001 Launch Agent (1 evidence item)
T1543.002 Systemd Service (1 evidence item)
T1547.001 Registry Run Keys / Startup Folder (1 evidence item)

These four appear here because ATT&CK places each of them under both Persistence and Privilege Escalation. The only evidence behind them is the same sentence as in the Persistence section (Once deployed, the implant established persistence through platform-native methods: scheduled tasks and registry Run keys on Windows, LaunchAgent entries on macOS, and systemd user units on Linux), which describes user-level persistence; nothing on this page shows the implant gaining higher privileges than the developer account that ran npm install.

Credential Access

2 techniques
T1056.001 Keylogging (1 evidence item)

The attacker had a live foothold capable of reading and writing arbitrary files, scanning for credentials, logging keystrokes, monitoring the clipboard, and deploying more payloads.

T1555 Credentials from Password Stores (1 evidence item)

The attacker had a live foothold capable of reading and writing arbitrary files, scanning for credentials... The implant also supported a session-clearing feature that killed browser processes and wiped credentials, forcing users to retype passwords while the keylogger was already running.

Discovery

2 techniques
T1082 System Information Discovery (1 evidence item)

It then began sending system information to a hard-coded command-and-control server... over WebSocket.

T1083 File and Directory Discovery (1 evidence item)

The attacker had a live foothold capable of reading and writing arbitrary files, scanning for credentials, logging keystrokes, monitoring the clipboard, and deploying more payloads.

Collection

3 techniques
T1056.001 Keylogging (1 evidence item)

The attacker had a live foothold capable of reading and writing arbitrary files, scanning for credentials, logging keystrokes, monitoring the clipboard, and deploying more payloads.

T1115 Clipboard Data (1 evidence item)

The attacker had a live foothold capable of reading and writing arbitrary files, scanning for credentials, logging keystrokes, monitoring the clipboard, and deploying more payloads.

T1560 Archive Collected Data (1 evidence item)

When the operator triggered an upload task through the C2, the implant received a Hugging Face token, a username, a target path, and an upload ID. It compressed the requested file or folder into a gzip archive... and uploaded the archive using an embedded Hugging Face hub client.

Command and Control

2 techniques
T1071.001 Web Protocols (1 evidence item)

It then began sending system information to a hard-coded command-and-control server at 195[.]201[.]194[.]107 over WebSocket.

T1105 Ingress Tool Transfer (2 evidence items)

It pulls one of four filenames from https://huggingface.co/Lordplay/system-releases/resolve/main/ based on the host platform and architecture.

Exfiltration

1 technique
T1567.002 Exfiltration to Cloud Storage (2 evidence items)

What is new is that the operator now outsources stolen data storage to private Hugging Face datasets rather than hosting it on the C2 server directly.

INDICATORS OF COMPROMISE

IOCs tracked for this family

20 indicators attributed across vendor reports, sandbox runs, and researcher write-ups. Full values are available in Mallory.

Network
5 tracked

IPs, domains, and DNS infrastructure linked to this family.

Hashes
7 tracked

File hashes (MD5, SHA-1, SHA-256) from samples and reports.

Other
8 tracked

Other indicator types observed in public reporting.
