
Fake OpenAI repository on Hugging Face pushes infostealer malware

A malicious repository impersonating OpenAI’s Privacy Filter reached the top of Hugging Face’s trending list and recorded 244,000 downloads, exposing those who fetched it to a sophisticated Rust-based infostealer that targets sensitive user credentials and data.

Key Points

  • Security firm HiddenLayer discovered the malicious repository, Open-OSS/privacy-filter, on May 7.
  • The malware used a Python loader to execute PowerShell commands that disabled security features and installed the "sefirah" infostealer.
  • Stolen data includes browser passwords, cryptocurrency wallet keys, Discord tokens, and VPN configuration files.
  • The malware employs anti-analysis techniques to detect virtual machines and debuggers, complicating security investigations.
  • Researchers identified links between this campaign and previous npm typosquatting attacks distributing the WinOS 4.0 implant.

Why it Matters

This incident highlights the growing risk of supply chain attacks targeting AI development platforms, as malicious actors increasingly exploit trusted repositories to distribute malware. Users who interacted with the repository must assume their credentials and digital assets are compromised and should take immediate steps to secure their systems.

Source: BleepingComputer. Published by Bill Toulas.