Skip to content
Tech News
← Back to articles

Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face

2026-04-16 | original
read original get Cybersecurity USB Data Block → more articles
Why This Matters

The exploitation of a critical vulnerability in Marimo to deploy NKAbuse malware via Hugging Face Spaces underscores the increasing risks associated with AI development platforms. This incident highlights how cybercriminals are leveraging legitimate services to distribute malicious payloads, posing significant threats to both the tech industry and consumers. It emphasizes the need for heightened security measures and vigilance when using cloud-based AI tools and repositories.

Key Takeaways

Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware hosted on Hugging Face Spaces.

Attacks leveraging the remote code execution flaw (CVE-2026-39987) started last week for credential theft, less than 10 hours after technical details were disclosed publicly, according to data from cloud-security company Sysdig.

Sysdig researchers continued to monitor activity related to the security issue identified additional attacks, including a campaign that started on April 12 that abuses the Hugging Face Spaces platform for showcasing AI applications.

Hugging Face serves as an AI development and machine learning-focused platform, acting as a hub for AI assets such as models, datasets, code, and tools, shared among the community.

Hugging Face Spaces lets users deploy and share interactive web apps directly from a Git repository, typically for demos, tools, or experiments around AI.

In the attacks that Sysdig observed, the attacker created a Space named vsccode-modetx (an intentional typosquat for VS Code) that hosts a dropper script (install-linux.sh) and a malware binary with the name kagent, also an attempt to mimic a legitimate Kubernetes AI agent tool.

After exploiting the Marimo RCE, the threat actor ran a curl command to download the script from Hugging Face and execute it. Because Hugging Face Spaces is a legitimate HTTPS endpoint with a clean reputation, it is less likely to trigger alerts.

The dropper script downloads the kagent binary, installs it locally, and sets up persistence via systemd, cron, or macOS LaunchAgent.

According to the researchers, the payload is a previously undocumented variant of the DDoS-focused malware NKAbuse. Kaspersky researchers reported the malware in late 2023 and highlighted its novel abuse of the NKN (New Kind of Network) decentralized peer-to-peer network technology for data exchange.

Sysdig says that the new variant functions as a remote access trojan that can execute shell commands on the infected system and send the output back to the operator.

... continue reading

Explore topics: marimo nkabuse hugging face sysdig rce
Related:
Marc Benioff Says the Software Bears Are All Wrong About Salesforce
Palantir posts mini-manifesto denouncing inclusivity and ‘regressive’ cultures
Cloud development platform Vercel was hacked
Vercel Says Internal Systems Hit in Breach
Russian-made Shahed drones are ‘disintegrating in the air before reaching their targets’ due to shoddy manufacturing, video shows — commentators call Russian clones of Iran's drones 'flying garbage'

© 2026 GoKawiil

About | Editorial Policy | Contact