## Fake OpenAI Repository on Hugging Face Trending List Delivers Infostealer Malware A malicious repository impersonating OpenAI's "Privacy Filter" project infiltrated Hugging Face's trending list, distributing information-stealing malware to Windows users who downloaded what appeared to be a legitimate AI tool. The campaign exploited the trust associated with OpenAI's brand and the visibility of trending repositories to maximize its reach before detection. The fraudulent repository mimicked OpenAI's naming conventions and project structure, creating a convincing facade that bypassed user scrutiny. By climbing to Hugging Face's trending list, the malicious project gained significant exposure to the platform's user base of AI developers and researchers. Windows users who cloned or downloaded the repository were infected with infostealer malware, a class of threat designed to harvest credentials, browser data, cryptocurrency wallet information, and other sensitive material from compromised systems. The incident underscores mounting security concerns around AI development platforms and open-source model repositories. Hugging Face has become critical infrastructure for the machine learning community, but its open model for hosting code creates opportunities for supply chain attacks. Impersonation of major AI organizations like OpenAI represents a calculated approach to social engineering, leveraging brand authority to legitimize malicious payloads. As AI development workflows increasingly rely on shared repositories and pre-trained models, the attack surface for similar campaigns continues to expand. Security researchers have previously warned about the risks of executing untrusted code from model repositories, and this incident demonstrates those concerns are not theoretical. --- - **Source**: BleepingComputer Echo RSS - **Sector**: The Lab - **Tags**: malware, hugging-face, openai, infostealer, supply-chain-attack - **Credibility**: unverified - **Published**: 2026-05-09 16:01:44 - **ID**: 81181 - **URL**: https://whisperx.ai/en/intel/81181