Fake OpenAI Repo Hits #1 Trending on Hugging Face with 244K Downloads, Delivers Infostealer


A repository named 'Open-OSS/privacy-filter' copied OpenAI's legitimate Privacy Filter model card nearly verbatim and reached #1 on Hugging Face trending within 18 hours, accumulating around 244,000 downloads before removal. The loader.py file delivered a six-stage Rust-based infostealer harvesting browser credentials, Discord tokens, crypto wallet keys, and SSH credentials, with suspected ties to the Silver Fox threat group. Six related repositories impersonating Qwen3, DeepSeek, and other popular models were also found.

Why it matters

Supply-chain attacks via AI model repositories are maturing rapidly; the trending-list manipulation and 244K download count show that Hugging Face is a high-value target for credential-theft campaigns aimed at AI developers.

Importance: 3/5

244K downloads of credential-stealing malware via the #1 spot on Hugging Face trending; the first demonstrated large-scale supply-chain attack on the Hugging Face model hub targeting AI developers.
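
A pre-load check for the two signals this incident showed, a publisher namespace that does not match the vendor named in the model card and a script (loader.py) shipped beside the weights. This is an added example, not code from the article or from Hugging Face; the function names, the suffix list, the sample file listing and the expected namespace "openai" are assumptions made for illustration.

```python
import os
from pathlib import PurePosixPath

# File types that run code instead of holding weights or config (assumed list).
CODE_SUFFIXES = {".py", ".sh", ".bat", ".ps1", ".exe", ".dll", ".so", ".js"}

def list_snapshot(root):
    """Relative POSIX paths of every file under a downloaded snapshot dir."""
    paths = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            paths.append(rel.replace(os.sep, "/"))
    return sorted(paths)

def audit_repo(repo_id, expected_org, files):
    """Findings for a model repo, computed before any file is loaded or run.

    repo_id      -- "namespace/name" as shown on the hub
    expected_org -- namespace the reviewer expects the real publisher to use
    files        -- relative paths in the snapshot (see list_snapshot)
    """
    findings = []
    namespace = repo_id.partition("/")[0]
    if namespace.lower() != expected_org.lower():
        findings.append(("namespace-mismatch",
                         f"{namespace!r} is not the expected {expected_org!r}"))
    for path in sorted(files):
        if PurePosixPath(path).suffix.lower() in CODE_SUFFIXES:
            findings.append(("executable-file", path))
    return findings

def verdict(findings):
    """Block on a publisher mismatch; route bundled code to manual review."""
    kinds = {kind for kind, _ in findings}
    if "namespace-mismatch" in kinds:
        return "block"
    return "review" if "executable-file" in kinds else "allow"

# Constructed listing: only the repo name and loader.py come from the article.
SAMPLE_FILES = ["README.md", "config.json", "model.safetensors", "loader.py"]

if __name__ == "__main__":
    found = audit_repo("Open-OSS/privacy-filter", "openai", SAMPLE_FILES)
    for kind, detail in found:
        print(f"{kind}: {detail}")
    print("verdict:", verdict(found))
```

Download counts and trending rank are deliberately not inputs to the verdict, since the fake repository scored highly on both.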
