A threat actor created a fraudulent Hugging Face repository that mimicked OpenAI's "Privacy Filter" project and reached the platform's trending list. The fake repository distributed an infostealer designed to target Windows systems.
Hugging Face hosts machine learning models and datasets that developers download regularly. The malicious repository exploited this trust by using a name closely matching legitimate OpenAI projects. Users downloading what they believed was official privacy-enhancing software instead received malware capable of stealing sensitive information from their machines.
Infostealer malware typically harvests credentials, browser data, cryptocurrency wallets, and other valuable information from infected systems. Once extracted, the data is sold on dark web forums or fed into follow-on attacks. The trojanized repository exposed developers to immediate compromise during the development phase, when security tools often run with elevated permissions.
The incident highlights a persistent vulnerability in open-source ecosystems. Attackers routinely register accounts impersonating trusted vendors or projects, relying on visual similarity and trending algorithms to boost visibility. Hugging Face, like GitHub and PyPI, lacks perfect defenses against typosquatting and impersonation campaigns.
Developers should verify project authenticity before downloading. Check for official organization badges on Hugging Face, confirm URLs match legitimate domains, review repository creation dates for suspicious timing, and examine commit history for unusual activity. Cross-reference projects through official channels like OpenAI's GitHub organization.
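The checks listed above (official owner, look-alike names, suspicious creation timing, thin commit history) can be turned into a pre-download gate. The following is an added example, not Hugging Face's or OpenAI's code: the repository record shape is a constructed assumption of what a hub client would fetch, and the official-organisation and known-project lists are placeholders for an organisation's own allowlists.

```python
"""Heuristic authenticity checks for a model-hub repository record.

Added example (not hub or vendor code). Record fields, org and project lists,
and thresholds are constructed assumptions; replace them with real API data
and your own allowlists.
"""
from datetime import datetime, timedelta, timezone

OFFICIAL_ORGS = {"openai"}            # assumption: namespaces treated as official
KNOWN_PROJECTS = {"privacy-filter"}   # assumption: project names worth impersonating
NEW_REPO_WINDOW = timedelta(days=14)  # assumption: "created recently" threshold
MIN_COMMITS = 3                       # assumption: fewer commits than this is thin


def normalize(name):
    """Fold common typosquat tricks: case, separators, look-alike digits (0->o, 1->l, 3->e)."""
    folded = name.lower()
    for sep in ("-", "_", ".", " "):
        folded = folded.replace(sep, "")
    return folded.translate(str.maketrans("013", "ole"))


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess_repo(repo, now):
    """Return a list of (code, detail) findings for one repository record.

    Constructed record schema: id "owner/name", created_at ISO-8601 string,
    verified_org bool, trending bool, commits int.
    """
    findings = []
    owner, _, name = repo["id"].partition("/")
    official_owner = owner in OFFICIAL_ORGS

    # 1. Look-alike namespace: e.g. "0penai" normalises to an official org but is not one.
    if not official_owner and normalize(owner) in {normalize(o) for o in OFFICIAL_ORGS}:
        findings.append(("LOOKALIKE_ORG", f"owner '{owner}' resembles an official organisation"))

    # 2. Name resembles a known project, but the publisher is not the verified official owner.
    for known in KNOWN_PROJECTS:
        if edit_distance(normalize(name), normalize(known)) <= 2:
            if not (official_owner and repo.get("verified_org")):
                findings.append(("IMPERSONATION",
                                 f"'{name}' resembles '{known}' without a verified official owner"))
            break

    # 3. Suspicious timing: a brand-new repository already on the trending list.
    created = datetime.fromisoformat(repo["created_at"])
    if repo.get("trending") and now - created < NEW_REPO_WINDOW:
        findings.append(("NEW_AND_TRENDING", f"created {(now - created).days} days ago"))

    # 4. Thin history: a copied project with one or two commits.
    commits = repo.get("commits", 0)
    if commits < MIN_COMMITS:
        findings.append(("THIN_HISTORY", f"only {commits} commits"))
    return findings


NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed reference time
SAMPLE_REPOS = [
    {   # constructed record shaped like the incident: look-alike owner, fresh, trending
        "id": "0penai/privacy_filter", "created_at": "2024-05-30T00:00:00+00:00",
        "verified_org": False, "trending": True, "commits": 1,
    },
    {   # constructed record of a verified official project (hypothetical id)
        "id": "openai/privacy-filter", "created_at": "2023-01-10T00:00:00+00:00",
        "verified_org": True, "trending": True, "commits": 120,
    },
]

if __name__ == "__main__":
    for repo in SAMPLE_REPOS:
        print(repo["id"], assess_repo(repo, NOW) or "no findings")
```

Any single finding is a reason to stop and cross-check the project through the vendor's official channels rather than proceed with the download; the thresholds are deliberately conservative so that legitimate but young community repositories are reviewed, not blocked.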
Security teams should implement scanning of machine learning artifacts, restrict third-party repository access in development environments, and monitor trending lists on hosting platforms for suspicious activity. Endpoint detection and response tools should flag infostealer behaviors like credential access and data exfiltration.
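Scanning machine learning artifacts before they are loaded is the control most directly in the security team's hands. The following is an added example, not Hugging Face's or any project's code, showing two checks over a downloaded repository's files: refusing Windows executables (by name or by PE header under an innocent name) and listing the imports a raw pickle file would perform, read from its opcodes without unpickling it. The module allowlist is a constructed assumption; production scanners keep per-module allowlists and also unpack torch's zip containers before inspecting the pickle inside.

```python
"""Scan downloaded model-repository files before anything is loaded or executed.

Added example (not hub or project code). SAFE_MODULES is a constructed
assumption; the sample files are constructed inline and contain no real binary.
"""
import pickle
import pickletools

SAFE_MODULES = {"collections", "numpy", "numpy.core.multiarray", "torch", "torch._utils"}
EXEC_SUFFIXES = (".exe", ".dll", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".msi")
PICKLE_SUFFIXES = (".pkl", ".pickle")  # raw pickles only; torch zip archives need unzipping first
UNICODE_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}


def pickle_globals(data):
    """Return the (module, name) pairs a pickle would import, read from opcodes only.

    GLOBAL carries "module name" in its argument; STACK_GLOBAL consumes the two
    most recently pushed strings, so those are tracked as the stream is walked.
    """
    found = []
    strings = []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in UNICODE_OPS:
            strings.append(arg)
        elif opcode.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL" and len(strings) >= 2:
            found.append((strings[-2], strings[-1]))
    return found


def scan_repo_files(files):
    """files: {filename: bytes}. Returns a list of (filename, finding) tuples."""
    findings = []
    for name, data in files.items():
        lower = name.lower()
        if lower.endswith(EXEC_SUFFIXES):
            findings.append((name, "executable file in a model repository"))
            continue
        if data[:2] == b"MZ":  # PE/DOS header regardless of the file's extension
            findings.append((name, "PE header in a file not named as an executable"))
            continue
        if lower.endswith(PICKLE_SUFFIXES):
            try:
                imports = pickle_globals(data)
            except Exception as exc:  # truncated or non-pickle content
                findings.append((name, f"unparseable pickle: {exc}"))
                continue
            for module, attr in imports:
                if module not in SAFE_MODULES:
                    findings.append((name, f"pickle imports {module}.{attr}"))
    return findings


# Constructed sample repository contents for the demonstration.
SAMPLE_FILES = {
    "config.json": b'{"model_type": "filter"}',
    "weights.pkl": pickle.dumps({"weights": [0.1, 0.2], "layers": 3}),  # benign: no imports
    "loader.pkl": b"cos\nsystem\n.",   # constructed: GLOBAL referencing os.system, never invoked
    "helper.pkl": pickle.dumps(len),   # constructed: STACK_GLOBAL import of builtins.len
    "setup.exe": b"MZ" + b"\x00" * 62,  # constructed placeholder bytes, not a real binary
    "model.dat": b"MZ" + b"\x00" * 62,  # constructed: PE header hidden under a harmless name
}

if __name__ == "__main__":
    for filename, finding in scan_repo_files(SAMPLE_FILES):
        print(f"{filename}: {finding}")
```

Running the scan in the download path (for example as a gate in the artifact cache or CI step) turns the article's recommendation into an enforceable policy: a file that trips any finding is quarantined for review instead of being loaded into a developer's environment.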
This attack demonstrates how attackers exploit the speed and convenience of modern development workflows. The malware reached trending status, suggesting it deceived multiple developers before detection and removal. Organizations relying on open-source
