North Korean-Linked Threat Actor Targets Developers with New npm Infostealer RAT
2026-05-20 • Ox Security
https://www.ox.security/blog/north-korean-npm-infostealer-rat/
OX Security identified a malicious npm package, terminal-logger-utils, with keylogger, infostealer, and RAT behavior and linked the activity to previously documented North Korean supply-chain campaigns. The package is triggered through a postinstall hook and an obfuscated dropper, with dependent packages pretty-logger-utils, ts-logger-pack, and pinno-loggers causing execution when installed. The malware downloads a platform-specific bundled Node executable, uses Hugging Face for payload or stolen-data hosting, and establishes WebSocket-based remote control for files, shells, screenshots, and input injection. It targets developer and high-value local data including Telegram Desktop sessions, browser credentials, SSH keys, crypto wallets, AWS/GCP/Azure cloud configurations, environment variables, clipboard data, and keystrokes, making it a direct risk to software supply chains and developer secrets.
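To check whether a project resolves any of the packages named above, directly or transitively, the lockfile can be audited. The following is an added example, not code from OX Security or the original post. It assumes npm's lockfile layout (a flat `packages` map with `hasInstallScript` in v2/v3, a nested `dependencies` tree in v1), and the sample lockfile and its versions are constructed placeholders.

```javascript
// Package names come from the report; the sample data below is constructed.
const FLAGGED = new Set(["terminal-logger-utils", "pretty-logger-utils",
  "ts-logger-pack", "pinno-loggers"]);

// Lockfile v2/v3: flat "packages" map keyed by install path.
function scanPackages(packages) {
  const hits = [];
  for (const [path, meta] of Object.entries(packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // "" is the root project entry
    // The name follows the last node_modules/ segment (covers nesting and scopes).
    const name = meta.name || path.slice(idx + "node_modules/".length);
    if (FLAGGED.has(name)) {
      hits.push({ name, version: meta.version, path,
        hasInstallScript: meta.hasInstallScript === true });
    }
  }
  return hits;
}

// Lockfile v1: nested "dependencies" tree; install scripts are not recorded.
function scanDependencies(deps, trail = []) {
  const hits = [];
  for (const [name, meta] of Object.entries(deps || {})) {
    const chain = [...trail, name];
    if (FLAGGED.has(name)) {
      hits.push({ name, version: meta.version, path: chain.join(" > "),
        hasInstallScript: null });
    }
    hits.push(...scanDependencies(meta.dependencies, chain));
  }
  return hits;
}

function findFlagged(lock) {
  return lock.packages ? scanPackages(lock.packages)
                       : scanDependencies(lock.dependencies);
}

// Constructed sample: a dependent package pulling in the payload package.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/express": { version: "0.0.0-example" },
  "node_modules/pretty-logger-utils": { version: "0.0.0-example" },
  "node_modules/pretty-logger-utils/node_modules/terminal-logger-utils":
    { version: "0.0.0-example", hasInstallScript: true },
} };

console.log(findFlagged(SAMPLE_LOCK));
```

Pass `findFlagged` the parsed contents of a real `package-lock.json` to audit a project. Installing with `npm ci --ignore-scripts` keeps postinstall hooks from running while a finding is investigated.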