NKAbuse Malware Campaign Targeting ML/AI Developers via Hugging Face

🟠 High 📅 April 16, 2026 ⚡ Actively distributed

Executive Summary

Hackers are exploiting a critical vulnerability in Marimo reactive Python notebooks to deploy a new variant of NKAbuse malware hosted on Hugging Face Spaces, a popular platform for machine learning model sharing.

Technical Analysis

Vulnerability Exploited

  • Component: Marimo reactive Python notebook
  • Flaw Type: Remote code execution via malicious notebook
  • Attack Vector: Social engineering + technical exploit

Malware Capabilities

NKAbuse is a multi-functional malware with capabilities including:

  • System Reconnaissance: Gathers environment information
  • Credential Theft: Targets SSH keys, API tokens, cloud credentials
  • Persistence: Establishes multiple persistence mechanisms
  • C2 Communication: Encrypted communication with command servers
  • Lateral Movement: Attempts to spread within cloud environments

Distribution Method

  1. Attacker uploads malicious notebook to Hugging Face
  2. Notebook appears legitimate (ML tutorial, model demo)
  3. Victim runs notebook in their environment
  4. Malware silently installs and activates
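The step that matters most to a defender is step 3: the notebook is executed as-is in the victim's environment. Because marimo notebooks are ordinary Python files, they can be inspected before anyone runs them. The following script is an added example written for this page, not tooling from the advisory or from the marimo project: it parses a notebook with the standard `ast` module, resolves import aliases, and lists imports and calls that an ML tutorial rarely needs (shell execution, raw sockets, registry writes, base64 decoding of embedded blobs). The indicator sets are generic heuristics chosen for the example, not NKAbuse signatures, and the sample notebook is constructed.

```python
"""Static pre-run triage of a Python notebook file (marimo notebooks are .py files).

Added example, not tooling from the advisory or the marimo project. The
indicator sets are generic heuristics, not NKAbuse signatures, and the
sample notebook below is constructed.
"""
import ast
from typing import Dict, List, Optional, Tuple

# Modules and calls an ML tutorial rarely needs but droppers commonly use (example heuristics)
SUSPICIOUS_MODULES = {"subprocess", "socket", "ctypes", "winreg", "base64",
                      "marshal", "zlib", "urllib.request", "requests"}
SUSPICIOUS_CALLS = {"exec", "eval", "compile", "__import__", "os.system", "os.popen",
                    "subprocess.run", "subprocess.Popen", "subprocess.call",
                    "base64.b64decode", "urllib.request.urlopen", "requests.get",
                    "ctypes.CDLL", "winreg.SetValueEx"}

Finding = Tuple[int, str]  # (line number, description)


def _dotted(node: ast.AST) -> Optional[str]:
    """Flatten a Name/Attribute chain such as `sp.run` into the string 'sp.run'."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return None
    parts.append(node.id)
    return ".".join(reversed(parts))


def _resolve(name: str, aliases: Dict[str, str]) -> str:
    """Replace a local alias with the module it names ('sp.run' -> 'subprocess.run')."""
    head, _, rest = name.partition(".")
    head = aliases.get(head, head)
    return f"{head}.{rest}" if rest else head


def triage(source: str) -> List[Finding]:
    """Return (line, description) findings for suspicious imports and calls in source."""
    tree = ast.parse(source)
    aliases: Dict[str, str] = {}
    findings: List[Finding] = []
    # Pass 1: record import aliases and flag suspicious modules
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                aliases[a.asname or a.name] = a.name
                if a.name in SUSPICIOUS_MODULES:
                    findings.append((node.lineno, f"import {a.name}"))
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                full = f"{node.module}.{a.name}"
                aliases[a.asname or a.name] = full
                if node.module in SUSPICIOUS_MODULES or full in SUSPICIOUS_CALLS:
                    findings.append((node.lineno, f"from {node.module} import {a.name}"))
    # Pass 2: flag calls, with aliases resolved so `sp.run` is seen as subprocess.run
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _dotted(node.func)
            if name and _resolve(name, aliases) in SUSPICIOUS_CALLS:
                findings.append((node.lineno, f"call {_resolve(name, aliases)}"))
    return sorted(findings)


# Constructed marimo-style notebook: two harmless cells and one that decodes and runs a blob
SAMPLE_NOTEBOOK = '''\
import marimo
app = marimo.App()

@app.cell
def _():
    import numpy as np
    import base64, subprocess as sp
    return np, base64, sp

@app.cell
def _(np):
    x = np.arange(10)
    print(x.mean())
    return

@app.cell
def _(base64, sp):
    payload = base64.b64decode("ZWNobyBoZWxsbw==")
    sp.run(payload, shell=True)
    return
'''

if __name__ == "__main__":
    for line, what in triage(SAMPLE_NOTEBOOK):
        print(f"line {line}: {what}")
```

The output is a review aid, not a verdict: a legitimate notebook may call `subprocess` for good reasons, but a "model demo" that base64-decodes a blob and hands it to a shell deserves a look before it is executed, ideally in a throwaway container with no cloud credentials mounted.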

Target Profile

Primary Targets

  • Data scientists and ML engineers
  • AI researchers
  • MLOps practitioners
  • Cloud ML platform users

Why Hugging Face?

  • Trusted platform in ML community
  • Low barrier to entry for attackers
  • Large attack surface (millions of models/repos)
  • Users often run untrusted code locally

IOCs - Indicators of Compromise

C2 Domains

  • huggingface-cdn[.]com
  • marimo-update[.]net
  • notebook-cloud[.]io

File Indicators

  • marimo_update.exe
  • notebook_patch.dll
  • ml-helper.sh

Registry Keys (Windows)

  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MarimoUpdate
  • HKCU\Software\Marimo\Config

Network Signatures

  • HTTPS traffic to: 185.220.101.0/24
  • User-Agent: "Marimo-Client/1.0"
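The indicators above are only useful once they are matched against telemetry. The script below is an added example for this page, not tooling from the advisory's authors: it takes the published C2 domains (refanging the `[.]` notation), the 185.220.101.0/24 subnet, the User-Agent string and the file names, and tests each web-proxy log line against all four indicator classes, reporting every reason a line matched. The proxy log format and the sample log lines are constructed for illustration; the indicator values are the ones listed in this advisory.

```python
"""Match the advisory's published IoCs against web-proxy log lines.

Added example for this advisory, not tooling from its authors. The log
format and log lines below are constructed; the indicators are the ones
published in the IOC section.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Indicators as published in the advisory (domains kept defanged as listed)
C2_DOMAINS_DEFANGED = ["huggingface-cdn[.]com", "marimo-update[.]net", "notebook-cloud[.]io"]
C2_NETWORK = ipaddress.ip_network("185.220.101.0/24")
C2_USER_AGENT = "Marimo-Client/1.0"
FILE_INDICATORS = {"marimo_update.exe", "notebook_patch.dll", "ml-helper.sh"}


def refang(indicator: str) -> str:
    """Convert a defanged domain such as 'example[.]com' into a matchable hostname."""
    return indicator.replace("[.]", ".").lower()


C2_DOMAINS = [refang(d) for d in C2_DOMAINS_DEFANGED]


def matched_c2_domain(host: str) -> Optional[str]:
    """Return the C2 domain that host equals or is a subdomain of, else None."""
    host = host.lower().rstrip(".")
    for domain in C2_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


# Constructed proxy log format (hypothetical, one request per line):
#   <timestamp> <src_ip> <dst_ip> <method> <url> <status> "<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<method>[A-Z]+) '
    r'(?P<url>\S+) (?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)


@dataclass
class Hit:
    line_no: int
    reasons: List[str]


def check_line(line_no: int, line: str) -> Optional[Hit]:
    """Test one log line against every indicator class; None if clean or unparseable."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    reasons: List[str] = []
    # 1. destination address inside the published C2 subnet
    try:
        if ipaddress.ip_address(m["dst"]) in C2_NETWORK:
            reasons.append(f"c2-subnet:{m['dst']}")
    except ValueError:
        pass  # destination field is not an IP literal; skip the subnet check
    url = urlparse(m["url"])
    # 2. request host is a C2 domain or one of its subdomains
    if url.hostname:
        domain = matched_c2_domain(url.hostname)
        if domain:
            reasons.append(f"c2-domain:{domain}")
    # 3. the User-Agent string published for the malware
    if m["ua"] == C2_USER_AGENT:
        reasons.append("c2-user-agent")
    # 4. one of the published file names being fetched
    basename = url.path.rsplit("/", 1)[-1].lower()
    if basename in FILE_INDICATORS:
        reasons.append(f"file-indicator:{basename}")
    return Hit(line_no, reasons) if reasons else None


def scan(lines) -> List[Hit]:
    """Return a Hit for every line that matched at least one indicator."""
    return [h for h in (check_line(i, l) for i, l in enumerate(lines, 1)) if h]


# Constructed sample: one benign request, one domain hit, one line hitting all four classes
SAMPLE_LOG = [
    '2026-04-16T10:00:01Z 10.0.0.5 104.16.0.1 GET https://huggingface.co/models 200 "python-requests/2.31"',
    '2026-04-16T10:00:02Z 10.0.0.5 203.0.113.7 GET https://huggingface-cdn.com/update 200 "curl/8.0"',
    '2026-04-16T10:00:03Z 10.0.0.5 185.220.101.42 GET http://cdn.marimo-update.net/marimo_update.exe 200 "Marimo-Client/1.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit.line_no}: {', '.join(hit.reasons)}")
```

Matching subdomains as well as exact hostnames matters because the domain list is a family of indicators, not three literal strings; the subnet and User-Agent checks catch connections that never resolve one of those names at all. Replace `LOG_RE` with the field layout of whatever proxy or DNS log is actually in use.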

Impact

Immediate Risk

  • Cloud credential compromise (AWS, Azure, GCP)
  • Proprietary model theft
  • Training data exfiltration
  • Compute resource hijacking for crypto mining

Long-term Risk

  • Supply chain contamination
  • Poisoned ML models distributed downstream
  • Intellectual property theft

References

  • BleepingComputer Technical Analysis
  • Hugging Face Security Advisory
  • Marimo Project Security Notice
