WARNING: Open-OSS/privacy-filter MALWARE
Bogus Open-OSS/privacy-filter model uses Python dropper to steal your data.
Security researchers discovered a dangerous impostor on Hugging Face: a model titled Open-OSS/privacy-filter masquerading as an OpenAI privacy filter. In reality, it is a custom infostealer targeting AI practitioners. The attack chain begins with a Python-based dropper (loader.py) included in the model repository. When executed, it downloads a malicious PowerShell command from an external server. That PowerShell command then spawns a second PowerShell command that downloads and runs a suspicious EXE file, which is registered with Task Scheduler for persistence. Behavioral analysis shows the EXE steals sensitive information such as browser credentials, cryptocurrency wallets, and session tokens, classic infostealer behavior.
The attacker specifically targets Windows users, who make up the majority of AI/ML practitioners. Linux users remain unaffected because the payload is Windows-native. The model was reported to Hugging Face and Microsoft by its discoverer (reddit user charles25565), and a detailed sandbox analysis is available. This incident highlights a growing supply-chain risk in the AI ecosystem: malicious actors injecting malware into model repositories that appear legitimate. Users are urged to verify model authenticity, avoid running untrusted Python scripts shipped with downloaded models, and always inspect source code before execution.
- Malicious model Open-OSS/privacy-filter on Hugging Face is a disguised infostealer.
- Attack uses a Python dropper (loader.py) that triggers a multi-stage PowerShell payload, downloading an EXE executed via Task Scheduler.
- Only Windows systems are vulnerable; Linux users are unaffected. The malware steals browser credentials and crypto wallets.
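The lineage described above (python.exe running loader.py, spawning PowerShell, spawning a second PowerShell, ending in a scheduled-task registration) is unusual for an ML workstation and can be flagged from process-creation telemetry. The following is an added detection example, not code from the report or from the sandbox analysis; the events, PIDs, task name and paths are constructed placeholders, not indicators from the incident.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str     # executable name, lower case
    cmdline: str

# Constructed sample events in Sysmon Event ID 1 style; PIDs, task name and
# paths are placeholders, not indicators taken from the report.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, "explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, "python.exe", "python.exe loader.py"),
    ProcEvent(300, 200, "powershell.exe", "powershell.exe -NoProfile -Command <stage-1 placeholder>"),
    ProcEvent(400, 300, "powershell.exe", "powershell.exe -NoProfile -Command <stage-2 placeholder>"),
    ProcEvent(500, 400, "schtasks.exe", r"schtasks.exe /Create /TN PlaceholderTask /TR C:\Users\Public\placeholder.exe"),
    ProcEvent(600, 100, "schtasks.exe", r"schtasks.exe /Create /TN Backup /TR C:\Tools\backup.exe"),  # benign admin use
]
PYTHON_HOSTS = {"python.exe", "python3.exe", "pythonw.exe"}

def is_persistence(e):
    """Scheduled-task creation via schtasks.exe or the PowerShell cmdlet."""
    cmd = e.cmdline.lower()
    return (e.image == "schtasks.exe" and "/create" in cmd) or \
           (e.image == "powershell.exe" and "register-scheduledtask" in cmd)

def lineage(pid, by_pid):
    """Return [self, parent, grandparent, ...] by following ppid links."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid])
        pid = by_pid[pid].ppid
    return chain

def find_dropper_chains(events):
    """Flag persistence commands whose ancestry contains powershell.exe launched
    from a Python interpreter; returns PID chains from the interpreter downward."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in filter(is_persistence, events):
        chain = lineage(e.pid, by_pid)
        images = [a.image for a in chain]
        ps = [i for i, img in enumerate(images) if img == "powershell.exe"]
        py = [i for i, img in enumerate(images) if img in PYTHON_HOSTS]
        if ps and py and py[-1] > ps[0]:  # a Python host sits above a PowerShell ancestor
            findings.append([a.pid for a in reversed(chain[:py[-1] + 1])])
    return findings
```

The benign schtasks.exe launched directly from explorer.exe is not reported, since the rule keys on the Python-to-PowerShell ancestry rather than on scheduled-task creation alone.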
Why It Matters
This supply-chain attack on Hugging Face threatens AI teams who trust model repos, risking data theft.