• A fake OpenAI repository has taken top spot on Hugging Face but

    From TechnologyDaily@1337:1/100 to All on Monday, May 11, 2026 16:15:27
    A fake OpenAI repository has taken top spot on Hugging Face but all it does is push infostealer malware

    Date:
    Mon, 11 May 2026 15:05:00 +0000

    Description:
    Its popularity may have been faked, though, as the "likes" all came from auto-generated accounts.

    FULL STORY ======================================================================

    Attackers typosquatted an OpenAI repo on HuggingFace, distributing an infostealer disguised as a privacy filter model. The malware disabled SSL checks, escalated privileges, and deployed the sefirah payload to steal credentials, crypto wallets, and system data. The fake repo hit 244,000 downloads and briefly topped HuggingFace rankings before removal, with other linked malicious repos also taken down.

    Cybercriminals were able to spoof OpenAI products to distribute infostealer malware to more than 240,000 computers before being spotted and eliminated, experts have warned.

    Security researchers HiddenLayer said they spotted a new repository on HuggingFace called Open-OSS/privacy-filter. The privacy filter repository is, according to HiddenLayer, a typosquatted version of the official release, with a model card copied nearly verbatim. The loader.py file that was shipped in it fetches and executes an infostealer, they added.

    Rising to the top

    Before dropping the infostealer, the malware first disabled SSL verification, decoded a base64 URL, and from it downloaded a JSON payload with a PowerShell command. This command, in turn, downloaded a batch file that escalated privileges, deployed the sefirah payload, added it to Microsoft Defender's exclusion list, and then ran it.
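
    The three loader behaviours described above (TLS verification disabled, a base64-decoded value, process execution) can be checked for statically before any code from a downloaded model repository is run. The following is an added example, not code from the article or from HiddenLayer; the function names, the indicator labels and both sample strings are constructed for illustration.

```python
import ast
# Indicator labels, one per loader behaviour the article describes.
TLS_OFF, B64, EXEC = "tls-verification-disabled", "base64-decode", "process-execution"
EXEC_CALLS = {"subprocess.run", "subprocess.Popen", "subprocess.call",
              "subprocess.check_output", "os.system", "os.popen", "exec", "eval"}

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else ''."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return ""
    return ".".join(reversed(parts + [node.id]))

def scan_source(src):
    """Statically collect indicators from Python source; the source is never executed."""
    found = set()
    for node in ast.walk(ast.parse(src)):
        if dotted(node) in ("ssl._create_unverified_context", "ssl.CERT_NONE"):
            found.add(TLS_OFF)
        if not isinstance(node, ast.Call):
            continue
        fn = dotted(node.func)
        if fn in EXEC_CALLS:
            found.add(EXEC)
        if fn.split(".")[-1] in ("b64decode", "urlsafe_b64decode"):
            found.add(B64)
        if any(k.arg == "verify" and getattr(k.value, "value", None) is False
               for k in node.keywords):  # e.g. requests.get(url, verify=False)
            found.add(TLS_OFF)
    return found

def is_suspicious(src):
    """Flag a file only when all three behaviours co-occur."""
    return scan_source(src) >= {TLS_OFF, B64, EXEC}

# Constructed fixtures: parsed only, never run. BLOB and fetched are undefined placeholders.
SUSPECT = """
import base64, ssl, subprocess
ctx = ssl._create_unverified_context()
url = base64.b64decode(BLOB).decode()
subprocess.run(["powershell", "-Command", fetched])
"""
BENIGN = 'import base64\ntag = base64.b64decode("dGFn")\n'

if __name__ == "__main__":
    print(sorted(scan_source(SUSPECT)), is_suspicious(BENIGN))
```

    Import aliases and obfuscated code evade this kind of name matching, so a clean result is not proof that a file is safe.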

    The infostealer itself does what most infostealers do: it grabs data saved in browsers, exfiltrates Discord tokens, local databases, and master keys, steals cryptocurrency wallet information, browser extension data, and SSH, FTP, and VPN credentials, as well as sensitive files stored locally. It can also grab screenshots, exfiltrate system information, and more.

    The download count on the fake repository is massive - 244,000 downloads in mere days.

    However, this doesn't mean every download led to an infection. BleepingComputer says the download numbers may have been inflated, and that the repository itself was liked by 667 auto-generated accounts. Still, even if it was all fake, the repository managed to hit #1 on Hugging Face for a brief moment, which definitely could have led to infections.

    However, by following the trail of the fake accounts, HiddenLayer was able to expose other, less-successful repositories, which were also malicious and used the same infrastructure. All of these have since been removed from the platform.




    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/a-fake-openai-repository-has-taken-top-spot-on-hugging-face-but-all-it-does-is-push-infostealer-malware


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)