MicrosoftSystem64 Malware Uses HuggingFace Datasets for Stealthy Data Exfiltration
Cybersecurity NewsArchived May 29, 2026✓ Full text saved
A newly discovered malware called MicrosoftSystem64 has been quietly stealing data from infected computers by routing stolen files through HuggingFace, the popular AI platform used by researchers and developers worldwide. The malware disguises itself as a legitimate Microsoft process, making it significantly harder for security tools to flag it as a threat. Its ability to […] The post MicrosoftSystem64 Malware Uses HuggingFace Datasets for Stealthy Data Exfiltration appeared first on Cyber Secur
Full text archived locally
✦ AI Summary· Claude Sonnet
HomeCyber Security News
MicrosoftSystem64 Malware Uses HuggingFace Datasets for Stealthy Data Exfiltration
By Tushar Subhra Dutta
May 29, 2026
A newly discovered malware called MicrosoftSystem64 has been quietly stealing data from infected computers by routing stolen files through HuggingFace, the popular AI platform used by researchers and developers worldwide.
The malware disguises itself as a legitimate Microsoft process, making it significantly harder for security tools to flag it as a threat. Its ability to abuse trusted, widely used infrastructure marks a serious shift in how attackers move stolen data without being caught.
The attack starts with a poisoned npm package called js-logger-pack, which went through 29 versions between early April 2026, growing from a basic probe into a full malware dropper.
Once a developer installs the package, it silently downloads and executes MicrosoftSystem64, an 81 MB binary that runs on Windows, Linux, and macOS without needing any separate software pre-installed.
From that point, the malware connects to a remote server, begins harvesting data, and locks itself into the system to survive restarts.
Researchers from SafeDep said in a report shared with Cyber Security News (CSN) that their April 15 analysis first identified the second-stage payload and documented how it abuses HuggingFace as both a binary hosting service and a data exfiltration channel. JFrog Research independently confirmed the same campaign a week later.
Despite both disclosures, the threat remained fully active as of May 28, 2026, with victims being monitored in real time and the attacker’s infrastructure still operating without interruption.
The malware is a remote access trojan with sweeping capabilities. It targets credentials from 15 browser families, lifts data from over 80 cryptocurrency wallet extensions, hijacks Telegram Desktop sessions, copies SSH keys, runs a continuous keylogger, and takes screenshots every 60 seconds.
All of this is uploaded to private datasets on HuggingFace under the attacker’s account. With 24 supported remote commands, the operators have near complete control over any infected system.
Attribution links the campaign to a North Korea-connected threat group tracked as Contagious Interview, known for targeting developers through fake job interviews and compromised open-source packages.
Multiple npm publisher accounts were used across the campaign, including js-logger-pack, terminal-logger-utils, ts-logger-pack, pretty-logger-utils, and pinno-loggers.
Any developer who installed packages from the jpeek or toskypi cluster should treat the machine as compromised and rotate all credentials immediately.
MicrosoftSystem64 Malware Uses HuggingFace Datasets
What sets this malware apart is how it moves stolen data. Instead of sending files back to a private server, MicrosoftSystem64 uploads them to private HuggingFace datasets using the platform’s own API.
This means all outbound traffic looks like normal, authenticated HTTPS requests to a well-known AI platform, the type of traffic most network monitoring tools would not flag as suspicious.
Each victim gets a separate set of private datasets on the attacker’s HuggingFace account, organized by machine identity and data category covering screenshots, credentials, and SSH keys.
The malware also pulls updates from HuggingFace every 24 hours, replacing its own binary when a newer version is available. SafeDep’s live probe on May 28 confirmed the attacker’s token was still active and recovered over 400 screenshots from two real victims who were being watched in near real time.
Supply Chain Entry and Cross-Platform Persistence
The infection path runs through the open-source supply chain, using npm packages crafted to look like routine developer utilities.
Once installed, the malware digs in using the native persistence tools of each platform: scheduled tasks and registry keys on Windows, LaunchAgents on macOS, and systemd services with autostart entries on Linux.
It labels its own process as MicrosoftSystem64 in system listings, closely mimicking the appearance of a genuine Microsoft background service.
The malware reconnects to its command server over WebSocket after any interruption and retries failed uploads automatically, so a temporary outage does not cost the attacker any stolen data.
Security teams and developers are strongly advised to scan all project dependencies for packages linked to the jpeek or toskypi cluster, isolate any affected machines, and immediately rotate all credentials, API tokens, SSH keys, and cryptocurrency wallet seed phrases without delay.
Indicators of Compromise (IoCs)
Type Indicator Description
Type Indicator Description
IP Address 195[.]201[.]194[.]107:8010 C2 server (WebSocket + HTTP), hosted on Hetzner Online GmbH, DE, AS24940
File Hash (SHA-256) b2954c945b51dbd6fa88ac72338b7fbf76dec7d9909ceada9d36b21330842c97 MicrosoftSystem64 Linux ELF binary (v1.0.8)
File Name MicrosoftSystem64 Malicious binary — Linux variant
File Name MicrosoftSystem64.exe Malicious binary — Windows variant
File Name MicrosoftSystem64-darwin-x64 Malicious binary — macOS (Intel) variant
File Name MicrosoftSystem64-darwin-arm64 Malicious binary — macOS (Apple Silicon) variant
URL hxxps://huggingface[.]co/jpeek998/system-releases/resolve/main HuggingFace binary hosting and self-update endpoint
HuggingFace Account jpeek998 Active exfiltration account (display name “Jlob”), created 2026-05-15
HuggingFace Account Lordplay Earlier binary staging account (system-releases repo), file access disabled by HuggingFace
npm Package js-logger-pack Primary dropper package (v1.1.22+ acts as MicrosoftSystem64 dropper)
npm Package terminal-logger-utils May 2026 dropper, RC4/XOR obfuscated
npm Package ts-logger-pack Dependency proxy to terminal-logger-utils
npm Package pretty-logger-utils May 2026 dropper under jpeek895 cluster
npm Package pinno-loggers May 2026 dropper under jpeek895 cluster
npm Account jpeek868 / jpeek886 / jpeek895 Rotated npm publisher accounts sharing Lordplay HuggingFace infrastructure
npm Account toskypi Persistent author identity across campaigns (email: tosky.pi1016@gmail.com)
HuggingFace Token (encrypted) MlohU84sIc82dTpY/CgE3jdOOWD1OwnyDXYRds4bG+cUeBRH7w== Encrypted HuggingFace API token embedded in binary config (reported for revocation)
XOR Encryption Key XOR key used to decrypt hardcoded binary configuration values
Hostname copilot-ai.whisdev[.]org Secondary C2 hostname on same IP (195[.]201[.]194[.]107), linked to whisdev/ptcbink persona
SSH Key Comment bink@DESKTOP-N8JGD6T Leaked SSH key comment from js-logger-pack v1.1.5, attacker’s development machine
URL hxxp://195[.]201[.]194[.]107:8010/api/validate/hf-upload-complete C2 endpoint that receives HuggingFace upload completion notifications
Persistence — Windows \MicrosoftSystem64 (scheduled task); HKCU\Software\Microsoft\Windows\CurrentVersion\Run Windows persistence mechanisms used by the malware
Persistence — macOS ~/Library/LaunchAgents/com.launchkeeper.MicrosoftSystem64.plist macOS LaunchAgent persistence path
Persistence — Linux ~/.config/systemd/user/MicrosoftSystem64.service; ~/.config/autostart/MicrosoftSystem64.desktop Linux systemd and XDG autostart persistence paths
Install Directory ~/.local/share/MicrosoftSystem64 (Linux); ~/Library/Application Support/MicrosoftSystem64 (macOS); %LOCALAPPDATA%\MicrosoftSystem64 (Windows) Per-platform install directories
Registration Marker .registered (ISO timestamp file in install directory) First-execution marker written by malware to track installation
Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.
Tags
cyber security
cyber security news
Copy URL
Linkedin
Twitter
ReddIt
Telegram
Tushar Subhra Dutta
Tushar is a senior cybersecurity and breach reporter. He specializes in covering cybersecurity news, trends, and emerging threats, data breaches, and malware attacks. With years of experience, he brings clarity and depth to complex security topics.
Trending News
Italian Authorities Dismantled CINEMAGOAL App that Enables Access to Various Streaming Platforms
Hackers Actives Scanning SonicWall Firewall Interfaces – 597,000 Sessions Observed
Top 10 Best Mobile Application Security Testing (MAST) Tools in 2026
Hackers Hide Linux Payload Under SSH-Like Filename During Package Installation
Anthropic Updates Claude Code With Security Plugin and Faster Performance
Latest News
Cyber Security News
Critical Samba Vulnerability Enables Remote Code Execution Attacks
Chrome
Google Patches 151 Vulnerabilities in Chrome, Including 22 Critical Ones
Cyber Security News
Google Employee Charged for Making $1.2 Million With Confidential Information
Cyber Security News
VS Code Remote-SSH RCE Lets Attackers Pivot From Developer Machines to Cloud Servers
Cyber Security
Hackers Exploit Microsoft Teams’ Collaboration Features to Impersonate IT Helpdesk Staff