
CVE-2026-39987 update: How attackers weaponized marimo to deploy a blockchain botnet via HuggingFace

Published 16/04/2026 08:36 · Modified 16/04/2026 11:03


Essential information

Tags
2026-04-16 CVE-2026-39987 huggingface marimo nkn blockchain
Related entities
2 vulnerabilities (cve), 12 observables, 21 techniques (mitre), 2 malware, 2 others

Description

Three days after disclosure of a critical pre-authorization remote code execution vulnerability in the Python notebook platform marimo, multiple threat actors deployed malware hosted on HuggingFace Spaces. A previously undocumented NKAbuse variant was delivered through a typosquatted Space, utilizing the NKN blockchain for command and control. Between April 11 and 14, 2026, eleven unique source IPs across ten countries generated 662 exploit events. Attack patterns included reverse shell campaigns, credential extraction targeting AWS keys and API tokens, DNS exfiltration, and lateral movement to PostgreSQL and Redis databases via leaked credentials. The malware binary was disguised as a legitimate Kubernetes tool named kagent and implemented persistence through systemd services, crontab entries, and macOS LaunchAgents. This operation demonstrates threat actors specifically targeting AI/ML infrastructure and leveraging trusted platforms for malware distribution.

External references