VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

Fake Open-OSS/privacy-filter Repo Tops Hugging Face Trends — 244,000 Downloads

Поддельный репозиторий Open-OSS/privacy-filter возглавил тренды Hugging Face и набрал 244 000 загрузок

- HiddenLayer found that Open-OSS/privacy-filter duplicated the original description and included a loader.py that deploys an info‑stealer on Windows.
- Attackers instructed users to clone the repo and run start.bat/loader.py; a second-stage payload was fetched via JSON Keeper and PowerShell, and a scheduled task was created.
- Final stage exfiltrates screenshots, wallet data, Discord and browser data to an external domain.

Why it matters: this is a new OSS supply‑chain vector — always verify source and delivery method.

How do you vet third‑party models and repositories?

#cybersecurity #supplychain #HuggingFace #OpenAI

Latest comments

No comments yet.