Hugging Face shared-loader supply chain campaign
Campaign
Summary
Hide ▲
Show ▼
A Hugging Face repository cluster appears to be part of a broader supply chain campaign that used shared loaders to push a stealer through open-source model downloads. The operation impersonated OpenAI's Privacy Filter, reused similar Python loaders across six more repositories, and relied on deceptive packaging to reach users. That pattern matters because it turns trusted model hubs into malware delivery infrastructure for Windows users.
Related Happenings
OpenAI and Trail of Bits launch Patch the Planet open-source security program
Commercial Activity
H score1
First: 23.06.2026 06:56
Last: 23.06.2026 06:56
Sources 1
About this happening:
OpenAI launched **Patch the Planet** with **Trail of Bits** to help secure **open-source projects**, expanding a cybersecurity-focused partnership program for maintainers and defe...
OpenAI and Trail of Bits launch Patch the Planet open-source security program
Commercial ActivityAbout this happening: OpenAI launched **Patch the Planet** with **Trail of Bits** to help secure **open-source projects**, expanding a cybersecurity-focused partnership program for maintainers and defe...
Openew[.]app cloaked malware download portal
Malware Activity
H score26
First: 29.05.2026 21:21
Last: 29.05.2026 21:21
Sources 1
About this happening:
The **openew[.]app** malware-delivery activity now also uses **legitimate ChatGPT shared pages** as the first lure, with **Google ads** and **SEO poisoning** sending victims to a...
Openew[.]app cloaked malware download portal
Malware ActivityAbout this happening: The **openew[.]app** malware-delivery activity now also uses **legitimate ChatGPT shared pages** as the first lure, with **Google ads** and **SEO poisoning** sending victims to a...
OpenAI hit by cyberattack
Incident
H score38
First: 14.05.2026 22:07
Last: 14.05.2026 22:07
Sources 1
About this happening:
OpenAI confirmed **two employees' devices** were breached, giving attackers access to a limited set of internal source code repositories and forcing a precautionary rotation of **...
OpenAI hit by cyberattack
IncidentAbout this happening: OpenAI confirmed **two employees' devices** were breached, giving attackers access to a limited set of internal source code repositories and forcing a precautionary rotation of **...
Open-OSS/privacy-filter Hugging Face infostealer activity
Malware Activity
H score69
First: 11.05.2026 10:05
Last: 11.05.2026 10:05
Sources 1
How related:
The repository had typosquatted OpenAI's legitimate Privacy Filter release, copied its model card nearly verbatim, and shipped a loader.py file that fetches and executes infostealer malware on Windows machines,
About this happening:
A malicious **Hugging Face repository** called **Open-OSS/privacy-filter** impersonated **OpenAI's Privacy Filter** and delivered a **Rust-based information stealer** to **Windows...
Open-OSS/privacy-filter Hugging Face infostealer activity
Malware ActivityHow related: The repository had typosquatted OpenAI's legitimate Privacy Filter release, copied its model card nearly verbatim, and shipped a loader.py file that fetches and executes infostealer malware on Windows machines,
About this happening: A malicious **Hugging Face repository** called **Open-OSS/privacy-filter** impersonated **OpenAI's Privacy Filter** and delivered a **Rust-based information stealer** to **Windows...
Sefirah infostealer delivered through a malicious Hugging Face repository
Malware Activity
H score16
First: 09.05.2026 17:26
Last: 09.05.2026 17:26
Sources 1
About this happening:
A malicious **Hugging Face** repository impersonated **OpenAI’s Privacy Filter** and delivered **sefirah**, a **Rust-based infostealer**, to **Windows** users, creating credential...
Sefirah infostealer delivered through a malicious Hugging Face repository
Malware ActivityAbout this happening: A malicious **Hugging Face** repository impersonated **OpenAI’s Privacy Filter** and delivered **sefirah**, a **Rust-based infostealer**, to **Windows** users, creating credential...
Timeline
-
11.05.2026 10:05 2 articles · 1mo ago
Malicious Hugging Face repository impersonates OpenAI Privacy Filter
Initial DisclosureA malicious Hugging Face repository named Open-OSS/privacy-filter impersonated OpenAI's Privacy Filter open-weight model, copied its description and model card nearly verbatim, and used start.bat and loader.py to deliver a Rust-based information stealer to Windows users. HiddenLayer's analysis also ties the activity to shared infrastructure, notes that the malicious model was disabled after reaching #1 trending with about 244,000 downloads and 667 likes within 18 hours, and identifies six additional repositories using similar Python loaders in the same broader supply-chain pattern.
Show sources
- Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads — thehackernews.com — 11.05.2026 10:05
- Malicious Hugging Face Repository Typosquats OpenAI — www.infosecurity-magazine.com — 12.05.2026 12:30