pretty-logger-utils

Details

pretty-logger-utils is a malicious npm package that depends on terminal-logger-utils and triggers the malicious behavior in that package when installed or imported.

The terminal-logger-utils payload executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper downloads and runs a platform-specific second-stage binary from Hugging Face. The second-stage payload provides keylogger, infostealer, and RAT behavior, steals sensitive local data including Telegram Desktop sessions, browser login databases, crypto wallets, SSH keys, cloud configurations, environment variables, and keyword-matched files, and connects to a remote server for full machine control.

Compromised versions (1)

• 1.0.0

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.