VYPR

npm · Malicious package advisory

Malware

logger-draft

MAL-2026-4346

Malicious code in logger-draft (npm)

Details

Part of a multi-package malicious campaign by npm author `toskypi`, `logger-draft` is a companion package to `eo-terminal` in the same infostealer and remote access trojan (RAT) campaign. Both packages share the same actor, C2 infrastructure, and attack pattern, and are distributed together under a "terminal logging utilities" theme.

The campaign deploys a comprehensive payload via a `postinstall` hook that copies a large JavaScript agent to a persistent location disguised as `MicrosoftSystem64` and registers it as a system service (systemd on Linux, LaunchAgent on macOS, scheduled task or registry run key on Windows). A sandbox check (CPU count and CPU model string) aborts execution in analysis environments. The install process exits cleanly with `process.exit(0)`, leaving no visible error output.

**C2 infrastructure:** Primary WebSocket/HTTP C2 at `ws://195.201.194.107:8010` (Hetzner Cloud, Germany). Stolen data is also exfiltrated to HuggingFace repository `yszf984308/system-release` via a hardcoded API token.

**Capabilities** (shared with campaign):
- **Keylogger** — keystroke and password capture with offline queuing
- **Clipboard harvesting** — 1,000 ms polling via platform-native tools
- **Screenshot capture and live streaming**
- **Browser credential theft** — Chromium-family and Firefox profile directories
- **Crypto wallet exfiltration** — 20+ desktop wallets
- **SSH backdoor** — exfiltrates SSH keys and injects attacker RSA public key into `authorized_keys`
- **Shell history theft** — 15+ history file formats across all user home directories
- **Environment variable and `.env` file theft** — targets cloud and CI/CD credentials at install time
- **Telegram session theft** — full `tdata/` directory exfiltration
- **Cloud credential theft** — AWS, Azure, GCP, Kubernetes, Docker, GnuPG
- **Recursive filesystem scan** — certificate, key, and wallet files uploaded to HuggingFace
- **Remote command execution** and interactive terminal sessions
- **Self-update** via HuggingFace-hosted native binaries

---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (0862a27a4fcbb3fc546fed447371d22dfcabb46e2d6a163754d30ec300fdceb7)
logger-draft@3.2.1 advertises itself as a terminal-color logger but ships a heavily obfuscated postinstall dropper (utils.cjs, 252 KB, obfuscator.io-style string-array + RC4 + self-defending wrappers) wired into package.json as `"postinstall": "node utils.cjs"`. On install the script RC4-decodes a hidden BINARY_BASE_URL and HF_TOKEN, selects a platform-specific filename (linux-x64/arm64, darwin-arm64, win32-x64), HTTPS-GETs the binary with an `Authorization: Bearer <token>` header, writes it under the user's data directory with mode 0o755, and detached-spawns it. No hash or signature verification is performed, and the bearer-token gate means the source bytes are unauditable from the published package — the author can swap the payload server-side at any time. After dropping the binary the script installs cross-platform boot persistence: on Windows it creates a `schtasks /SC ONLOGON` task and an HKCU\...\CurrentVersion\Run value pointing at a generated.vbs shim that re-spawns the binary hidden; on Linux it writes `~/.config/systemd/user/<unit>.service` and runs `systemctl --user daemon-reload && enable --now`, plus an autostart entry; on macOS it launches the binary detached from a writable directory. Supporting deception signals: the README is titled `terminal-logger-utils` and instructs `npm install terminal-logger-utils` (mismatched name), publisher metadata is a bare handle with no repository/homepage/license, and the README claims 'Zero runtime dependencies' while package.json declares nine. Installer harm fires automatically on `npm install` in any developer or CI environment.

Compromised versions (3)

  • 3.2.0
  • 3.2.1
  • 3.2.2

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.