- A fake Hugging Face repo impersonating OpenAI’s Privacy Filter model reached #1 trending, using bots to inflate its popularity.
- The malware delivered a sophisticated six-stage infostealer designed to steal crypto wallet keys, browser data, and Discord tokens.
- Security researchers at HiddenLayer linked the attack to a broader campaign targeting AI developers with malicious lookalike models.
- Victims who ran the code must treat their machines as fully compromised and move crypto assets immediately.
A malicious repository impersonating OpenAI’s Privacy Filter model surged to the top of Hugging Face’s trending page in late April. The fake repo, uploaded by an account named “Open-OSS,” amassed approximately 244,000 downloads and 667 likes in under 18 hours before removal.
According to the security firm HiddenLayer, 657 of those likes came from bot accounts. This manufactured social proof effectively disguised the bait, which instructed users to run a file called start.BAT.
Executing the file triggered a complex, multi-stage infection. The malware secretly downloaded a final payload written in Rust that harvested sensitive data from Windows machines.
The infostealer comprehensively targeted browser passwords, Discord tokens, and cryptocurrency wallet seed phrases. It also collected SSH keys and took screenshots before exfiltrating everything to attacker-controlled servers.
This incident is part of a larger pattern, as HiddenLayer identified six additional malicious repositories. Those repos impersonated other popular AI models like Qwen3 and DeepSeek to lure developers.
The campaign’s infrastructure, a domain mimicking a blockchain analytics API, was also observed hosting separate malware. This strategy mirrors a 2024 supply chain attack that cost one user 10 Bitcoin.
Anyone who cloned and ran the repository must treat their device as fully compromised. All stored credentials should be considered stolen and crypto funds must be moved to a new wallet from a clean device.
