Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
Summary
A fake Hugging Face repository, impersonating OpenAI's Privacy Filter, reached the platform's trending list and garnered over 244,000 downloads. The malicious repository, named Open-OSS/privacy-filter, distributed a Rust-based information stealer targeting Windows users.
IFF Assessment
This article highlights a malicious attack where a fake repository was used to distribute malware, posing a direct threat to users and their data.
Defender Context
Defenders should be aware of the increasing sophistication of social engineering attacks that leverage popular platforms like Hugging Face to distribute malware. Users must exercise extreme caution when downloading code or models, especially when the source is not officially verified, as attackers are actively exploiting trust in legitimate projects.