🤖 AI Summary
On May 7, 2026, malware was discovered in the Hugging Face repository "Open-OSS/privacy-filter", which had recently gained popularity with over 200,000 downloads. The repository mimicked OpenAI's legitimate Privacy Filter, using typosquatting to deceive users. The malicious code, contained in a loader.py script, executed infostealer malware on Windows systems, silently harvesting sensitive information such as passwords, session cookies, and even cryptocurrency wallet data.
This incident underscores the risks of using open-source repositories, especially as they become targets for malicious actors eager to exploit the trust built within the AI/ML community. The malware's sophisticated design, including tactics for evading security measures and the ability to update its payload through external channels, illustrates a growing trend in cyber threats. Developers and users are urged to reinforce security practices, such as closely scrutinizing sources and considering system integrity when accessing trending repositories, to reduce the chance of compromise from similar attacks in the future.