Hackers use Marimo flaw to spread NKAbuse malware via Hugging Face

A critical security flaw in the popular Marimo reactive Python notebook framework is being actively exploited by threat actors. These attackers are leveraging the vulnerability to deliver a newly identified variant of the NKAbuse malware, which is being distributed through the trusted Hugging Face Spaces platform. This campaign represents a significant escalation in the abuse of legitimate developer tools and AI infrastructure for malicious purposes.

The attack chain begins when a user is tricked into opening a malicious Marimo notebook file. This file contains specially crafted code that exploits the vulnerability, designated as CVE-2024-3640, to execute arbitrary commands on the victim’s system. The flaw is a command injection vulnerability that allows an attacker to run system commands with the same privileges as the Marimo application. Once initial access is gained, the notebook fetches and executes the final payload from a seemingly legitimate Hugging Face Space.

The final payload is a new version of the NKAbuse malware, a cross-platform backdoor first identified last year. This variant is written in the D programming language, a choice that may help it evade detection by security tools more accustomed to threats written in C or C++. NKAbuse is designed to provide persistent remote access to compromised systems. Its capabilities are extensive, including executing commands, stealing files, and downloading additional malicious modules as directed by its operators.

The use of Hugging Face Spaces as a distribution point is a notable tactic. The platform is widely trusted by developers and researchers for sharing AI models and applications, making malicious content hosted there less likely to raise immediate suspicion. This method of malware distribution via trusted platforms allows attackers to bypass traditional security filters that might block downloads from known malicious domains. It underscores a growing trend where attackers weaponize legitimate software supply chains and developer ecosystems.

Security researchers analyzing the campaign have confirmed that the attackers are actively targeting systems running Marimo. The vulnerability’s critical nature means exploitation can lead to full system compromise. Organizations and individual developers using the Marimo framework are urged to apply the available security patch immediately. The incident serves as a stark reminder of the risks inherent in modern development environments, where a single vulnerability in a trusted tool can become a gateway for a sophisticated intrusion.

To mitigate this threat, users should ensure their Marimo installation is updated to the latest patched version. Furthermore, exercising caution with notebook files from untrusted sources is paramount, even if they are hosted on reputable platforms like Hugging Face. Security teams should also consider monitoring network traffic for connections to unexpected or new Hugging Face Spaces, as this could indicate a compromise. This attack highlights the need for a robust software supply chain security posture that accounts for the abuse of legitimate code repositories and development tools.