malware npm

terminal-logger-utils

discovered 2026-05-28

RC4/XOR obfuscated MicrosoftSystem64 dropper published by jpeek895 cluster (May 20-21, 2026). Same dropper infrastructure as js-logger-pack. Attributed to DPRK Famous Chollima. OSV: MAL-2026-4198 / GHSA-h9jr-prgp-c322.

Threat types

credential_stealer rat c2_agent data_exfiltration

Malicious versions

1.0.0

Campaigns

Contagious Interviewattributed-to

Indicators

ipv4 195.201.194.107communicates-with
url https://huggingface.co/Lordplay/system-releasescommunicates-with

Read the full analysis →