Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Open-OSS/privacy-filter Hugging Face infostealer activity

Malware Activity
First reported
Last updated
Happening score
H score 22
2 unique sources, 2 articles

Summary

Hide ▲

A malicious Hugging Face repository called Open-OSS/privacy-filter impersonated OpenAI's Privacy Filter and delivered a Rust-based information stealer to Windows users. The lure used loader.py and start.bat to start a staged malware chain that copied the legitimate model's presentation and disguised the download as a trusted AI project. The repository briefly reached #1 trending before Hugging Face disabled access, limiting further abuse. The malware mattered because it stole screenshots, Discord data, wallets, browser data, and seed phrases from affected systems.

Related Happenings

Gremlin stealer modular toolkit evolution

Malware Activity
First: 15.05.2026 17:19 Last: 15.05.2026 17:19 Sources 1

About this happening: The **Gremlin stealer** malware has expanded into a **modular toolkit** with **session-hijacking** and **crypto clipping** capabilities, raising the risk of credential theft and a...

Open Happening

Hugging Face shared-loader supply chain campaign

Campaign
First: 11.05.2026 10:05 Last: 11.05.2026 10:05 Sources 1

How related: The shared infrastructure suggests these campaigns are possibly linked and likely part of a broader supply chain operation targeting open-source ecosystems,

About this happening: A **Hugging Face** repository cluster appears to be part of a **broader supply chain campaign** that used **shared loaders** to push a stealer through open-source model downloads....

Open Happening

Sefirah infostealer delivered through a malicious Hugging Face repository

Malware Activity
First: 09.05.2026 17:26 Last: 09.05.2026 17:26 Sources 1

About this happening: A malicious **Hugging Face** repository impersonated **OpenAI’s Privacy Filter** and delivered **sefirah**, a **Rust-based infostealer**, to **Windows** users, creating credential...

Open Happening

MuddyWater Microsoft Teams social-engineering campaign with Chaos ransomware decoy

Campaign
First: 06.05.2026 16:02 Last: 06.05.2026 16:02 Sources 1

About this happening: The **MuddyWater** campaign used **Microsoft Teams** social engineering and a **Chaos ransomware** decoy to gain access, steal credentials, and establish persistence. The operatio...

Open Happening

ABCDoor backdoor activity in Silver Fox attacks

Malware Activity
First: 04.05.2026 14:35 Last: 04.05.2026 14:35 Sources 1

About this happening: The newly identified **ABCDoor** backdoor is being used in **real-world attacks** by **Silver Fox**, expanding the group's malware set and increasing the risk of covert remote acc...

Open Happening

Timeline

  1. 11.05.2026 10:05 2 articles · 16d ago

    Open-OSS/privacy-filter impersonates OpenAI's Privacy Filter and delivers a Windows infostealer

    Initial Disclosure

    A malicious Hugging Face repository named Open-OSS/privacy-filter impersonated OpenAI's Privacy Filter open-weight model, copied the model card and description, and used start.bat and loader.py to deliver a Rust-based information stealer to Windows users. The execution chain disabled SSL verification, resolved a Base64-encoded dead drop through JSON Keeper, passed commands to PowerShell, downloaded a batch script from api.eth-fastscan[.]org, configured Microsoft Defender Antivirus exclusions, created a scheduled task, and exfiltrated stolen data in JSON to recargapopular[.]com. The repository briefly reached #1 trending with about 244,000 downloads and 667 likes before access was disabled.

    Show sources
    Open in new tab