Security researchers at SafeDep published findings on May 28 documenting an active npm supply chain campaign that plants a remote access trojan on developer machines, then routes all stolen credentials to private HuggingFace datasets. Two victims were confirmed under real-time surveillance at publication: one on Ubuntu running cryptocurrency trading software, another on Windows with 1,097 credential files and 500 MB of archived data already exfiltrated.

What Happened

The campaign is attributed to FAMOUS CHOLLIMA, a North Korea-linked (DPRK) threat group tracked by CrowdStrike. Malicious packages appeared on npm starting in April 2026, led by js-logger-pack, with follow-on packages pushed in May: terminal-logger-utils, ts-logger-pack, pretty-logger-utils, and pinno-loggers. Each installs an 81 MB Node.js single-executable RAT that connects to a WebSocket C2 server and awaits commands.

The defining feature of this campaign is using HuggingFace as dual-purpose infrastructure. The RAT binary was hosted on a HuggingFace repository under account Lordplay (since disabled). Stolen data is uploaded to a second HuggingFace dataset under account jpeek998. The embedded HuggingFace access token remained active as of May 28, confirming the operation was still running during the SafeDep investigation.

Why It Matters for AI Creators

HuggingFace is central to AI creative workflows. Stable Diffusion model checkpoints, ComfyUI custom nodes, LoRAs, and transformer weights all route through it. The attacker chose HuggingFace specifically because security tooling on developer and creator machines rarely flags outbound traffic to huggingface.co as suspicious. Anyone with a HuggingFace account on a machine that ran one of these packages should treat their tokens and credentials as compromised.

The RAT implements 24 remote commands and targets: browser credentials from 15 families (Chrome, Brave, Edge, Firefox, Opera, Vivaldi, Yandex, and variants), over 80 cryptocurrency wallet browser extensions, SSH private keys (id_rsa, id_ecdsa, id_ed25519), Telegram Desktop session folders, clipboard content, and periodic screenshots every 90 minutes.

Review your HuggingFace access tokens and revoke any you do not recognize, especially if you installed packages from these names on a machine connected to your HuggingFace account.

Key Details

  • Active malicious packages: js-logger-pack, terminal-logger-utils, ts-logger-pack, pretty-logger-utils, pinno-loggers
  • Earlier campaign packages: polymarket-validator, changelog-logger-utilities
  • RAT payload: 81 MB Node.js SEA binary, 24 remote commands, cross-platform (Windows and Linux)
  • C2 server: 195[.]201[.]194[.]107:8010 over WebSocket
  • Exfiltration endpoint: HuggingFace dataset, account jpeek998
  • Attribution: FAMOUS CHOLLIMA (DPRK-linked), active since April 2026

What to Do Next

  1. Run npm audit across all active projects and check global packages with npm ls -g --depth=0.
  2. Search for the named packages: grep -r "js-logger-pack\|terminal-logger-utils\|ts-logger-pack\|pretty-logger-utils\|pinno-loggers" package.json package-lock.json
  3. If any are found, treat the machine as fully compromised and rotate all passwords, API tokens, and SSH keys before continuing work.
  4. On HuggingFace: log into account settings, revoke all unrecognized API tokens, and enable two-factor authentication if not already active.