Which versions of logger-draft are malicious?

The following npm versions of logger-draft are flagged malicious: 3.2.0, 3.2.1, 3.2.2. Treat any of these as compromised.

How do I remediate logger-draft if I installed it?

logger-draft is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed logger-draft — how do I know if it already compromised me?

If logger-draft was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is logger-draft part of a known attack campaign?

Yes — logger-draft is associated with the IN-MAL-2026-004183, IN-MAL-2026-004272, IN-MAL-2026-004320, IN-MAL-2026-004184, IN-MAL-2026-004273, IN-MAL-2026-004321 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find logger-draft across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for logger-draft (3 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging logger-draft across your stack and pipelines.

Malicious package

logger-draftnpm

Malicious code in logger-draft (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-4346

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall logger-draft

What this malware does

Part of a multi-package malicious campaign by npm author toskypi, logger-draft is a companion package to eo-terminal in the same infostealer and remote access trojan (RAT) campaign. Both packages share the same actor, C2 infrastructure, and attack pattern, and are distributed together under a "terminal logging utilities" theme.

The campaign deploys a comprehensive payload via a postinstall hook that copies a large JavaScript agent to a persistent location disguised as MicrosoftSystem64 and registers it as a system service (systemd on Linux, LaunchAgent on macOS, scheduled task or registry run key on Windows). A sandbox check (CPU count and CPU model string) aborts execution in analysis environments. The install process exits cleanly with process.exit(0), leaving no visible error output.

C2 infrastructure: Primary WebSocket/HTTP C2 at ws://195.201.194.107:8010 (Hetzner Cloud, Germany). Stolen data is also exfiltrated to HuggingFace repository yszf984308/system-release via a hardcoded API token.

Capabilities (shared with campaign):

Keylogger — keystroke and password capture with offline queuing
Clipboard harvesting — 1,000 ms polling via platform-native tools
Screenshot capture and live streaming
Browser credential theft — Chromium-family and Firefox profile directories
Crypto wallet exfiltration — 20+ desktop wallets
SSH backdoor — exfiltrates SSH keys and injects attacker RSA public key into authorized_keys
Shell history theft — 15+ history file formats across all user home directories
Environment variable and .env file theft — targets cloud and CI/CD credentials at install time
Telegram session theft — full tdata/ directory exfiltration
Cloud credential theft — AWS, Azure, GCP, Kubernetes, Docker, GnuPG
Recursive filesystem scan — certificate, key, and wallet files uploaded to HuggingFace
Remote command execution and interactive terminal sessions
Self-update via HuggingFace-hosted native binaries

[email protected] advertises itself as a terminal-color logger but ships a heavily obfuscated postinstall dropper (utils.cjs, 252 KB, obfuscator.io-style string-array + RC4 + self-defending wrappers) wired into package.json as "postinstall": "node utils.cjs". On install the script RC4-decodes a hidden BINARY_BASE_URL and HF_TOKEN, selects a platform-specific filename (linux-x64/arm64, darwin-arm64, win32-x64), HTTPS-GETs the binary with an Authorization: Bearer <token> header, writes it under the user's data directory with mode 0o755, and detached-spawns it. No hash or signature verification is performed, and the bearer-token gate means the source bytes are unauditable from the published package — the author can swap the payload server-side at any time. After dropping the binary the script installs cross-platform boot persistence: on Windows it creates a schtasks /SC ONLOGON task and an HKCU...\CurrentVersion\Run value pointing at a generated.vbs shim that re-spawns the binary hidden; on Linux it writes ~/.config/systemd/user/<unit>.service and runs systemctl --user daemon-reload && enable --now, plus an autostart entry; on macOS it launches the binary detached from a writable directory. Supporting deception signals: the README is titled terminal-logger-utils and instructs npm install terminal-logger-utils (mismatched name), publisher metadata is a bare handle with no repository/homepage/license, and the README claims 'Zero runtime dependencies' while package.json declares nine. Installer harm fires automatically on npm install in any developer or CI environment.

Malicious versions

3 flagged

3.2.03.2.13.2.2

Indicators of compromise (SHA-256)

fbefd2d58c46c2967c6d1ac070fe3fef6a50b078d76ca015d184cf8ac3e9812e

0862a27a4fcbb3fc546fed447371d22dfcabb46e2d6a163754d30ec300fdceb7

1f700e9c57c78ef1864ca4e05bb03e3d1c1d3af843fea707f934e80ff827aa93

5f856a4ade2e077545656c876ac51e89603c8901fefa4abbd03f3348ebc39854

82d03fd6ce6e3d4cc0cca06c66cf56d00115c6ab335ab7ec9e0fe7476fa10d3c

acd3dbf9060aad9798a0c2bdca5208715491ce58711cec202661d6d7648361a6

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for logger-draft (3 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging logger-draft across your stack and pipelines.
If you installed it — respond
logger-draft is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If logger-draft was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks logger-draft before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. logger-draft on npm has been identified as a malicious package (versions 3.2.0, 3.2.1, 3.2.2 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-004183IN-MAL-2026-004272IN-MAL-2026-004320IN-MAL-2026-004184IN-MAL-2026-004273IN-MAL-2026-004321

References

Credits

Amazon Inspector · finder
SafeDep · finder

Detect & block this

O3 blocks logger-draft-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring