Marimo RCE via CVE-2024-41663 Exploited to Deliver NKAbuse Malware

Threat actors are actively targeting the AI and data science community by exploiting a critical vulnerability in Marimo, a popular reactive Python notebook. According to BleepingComputer, these attackers are utilizing the flaw to deploy a variant of the NKAbuse malware, leveraging Hugging Face as a trusted hosting platform for the malicious binaries.

Overview of the Marimo RCE Exploit

The vulnerability, identified as CVE-2024-41663, resides in Marimo versions prior to 0.7.5. Marimo is designed as a reactive notebook where code execution is automatically managed based on state changes. However, the lack of proper input validation in certain components allowed for an unauthenticated RCE.

Security researchers at Protect AI originally discovered the CVE, noting that the exploit allows an attacker to execute arbitrary system commands with the privileges of the user running the notebook server. Because data science environments often lack the rigorous EDR coverage found in enterprise workstations, they represent a high-value target for Lateral Movement and data exfiltration.

Technical Analysis of NKAbuse Malware

Once the exploit is successful, attackers initiate a command to download the NKAbuse malware. The specific campaign observed involves NKAbuse malware Hugging Face delivery, where the binary is fetched from a Hugging Face Space. This tactic is particularly effective because many organizations allow traffic to and from Hugging Face by default, assuming it is legitimate machine learning research data.

NKAbuse is a sophisticated backdoor and DDoS bot written in Go. It is notable for using the NAIX protocol, which is built on the Libp2p framework. This allows the malware to maintain a decentralized C2 infrastructure, making it resilient against traditional IP-based blocking or domain takeovers.

Capabilities of NKAbuse include:

• Full system backdoor functionality.
• Execution of various DDoS attack vectors (TCP, UDP, and HTTP floods).
• Remote screen capture and keylogging.
• Management of file systems on the infected host.

Detection and Mitigation Strategies

Defenders must prioritize identifying and patching vulnerable instances of the Marimo server. Use the following guidance to secure your environment and understand how to patch Marimo RCE vulnerabilities effectively.

Marimo CVE-2024-41663 exploit detection

Security Operations Centers (SOC) should monitor for unusual child processes spawning from Python notebook instances. Specifically, look for curl or wget commands fetching binaries from Hugging Face (huggingface.co/spaces/...). SIEM rules should be configured to flag execution of ELF files from temporary directories such as /tmp/ or /dev/shm/, which are common IoC patterns for this campaign.

To map these threats to the MITRE ATT&CK framework, the exploitation of Marimo falls under T1190 (Exploit Public-Facing Application), while the use of Hugging Face for delivery aligns with T1105 (Ingress Tool Transfer).

Actionable Recommendations

1. Immediate Patching: Update all Marimo installations to version 0.7.5 or higher. This version addresses the underlying flaws that lead to command injection.
2. Network Segmentation: Restrict access to the Marimo notebook interface using a VPN or firewall. It should never be exposed directly to the public internet.
3. Egress Filtering: Implement strict egress controls on compute instances used for AI/ML. Restrict the ability to fetch external binaries unless through an approved internal proxy.
4. Runtime Monitoring: Deploy runtime security tools capable of detecting unauthorized system calls and network connections originating from Python environments.