A malicious repository on Hugging Face impersonating OpenAI's Privacy Filter model reached #1 trending within 18 hours, accumulating approximately 244,000 downloads and 667 likes before being removed. The repository, published by a fake account named 'Open-OSS', contained a six-stage infostealer targeting Windows machines. The malware harvested browser passwords, Discord tokens, cryptocurrency wallet keys, SSH credentials, and more, then exfiltrated data to attacker-controlled servers. HiddenLayer, an AI security firm, identified the campaign and noted that 657 of the 667 likes came from bot accounts, indicating manufactured social proof. The attack is part of a broader supply chain compromise targeting AI developers, with six other malicious repositories found under a separate account 'anthfu'. Users who downloaded and ran any file from the repository should treat their device as fully compromised, change all stored credentials, and move crypto funds immediately.

Key facts

• Fake repo impersonating OpenAI's Privacy Filter reached #1 trending in 18 hours.
• Malware consisted of a six-stage infostealer targeting browser passwords, crypto keys, and more.
• 657 out of 667 likes were from bot accounts, indicating fake social proof.
• Six additional malicious repos found under account 'anthfu' targeting other AI models.
• Users who ran the malware should treat devices as fully compromised and rotate all secrets.