THREATNOIR
Subscribe
Back to Feed
MalwareJun 11, 2026

One more malicious npm package spotted: "hex-type@3.0.2" - part of the ongoing MicrosoftSystem64...

Malicious npm package hex-type@3.0.2 discovered as part of MicrosoftSystem64 RAT campaign.

Read at source

Summary

A new malicious npm package, 'hex-type@3.0.2', has been identified as part of the ongoing MicrosoftSystem64 RAT campaign. This campaign is designed to exfiltrate sensitive data, utilizing HuggingFace as a command and control channel. The discovery highlights continued risks within the open-source software supply chain.

Indicators of Compromise

  • malware — MicrosoftSystem64 RAT
  • domain — huggingface.co
  • url — https://huggingface.co/

Entities

npm (product)hex-type@3.0.2 (product)HuggingFace (vendor)