## Fake OpenAI Privacy Filter Replicates on Hugging Face, Reaches 244K Downloads Before Detection
A malicious repository impersonating OpenAI's Privacy Filter open-weight model climbed to Hugging Face's trending list, accumulating approximately 244,000 downloads while delivering a Rust-based information stealer targeting Windows environments. The fraudulent project, distributed under the name Open-OSS/privacy-filter, mirrored the legitimate openai/privacy-filter release from late last month, copying documentation and structure to enhance credibility.

Security researchers identified the threat after the malicious repository gained significant visibility on the platform. The attack chain leveraged the legitimate Privacy Filter's release timeline, exploiting developer interest in the newly available model to distribute malware disguised as a privacy-focused tool. The Rust-based payload, designed to harvest credentials and sensitive data from compromised systems, suggests technical sophistication.

The incident highlights persistent vulnerabilities in AI model distribution ecosystems, where attackers abuse trust in open-source platforms and the reputation of established AI vendors. The high download count underscores the reach such attacks can achieve before detection, raising concerns about the security vetting processes governing Hugging Face's trending repositories. Organizations integrating open-weight models from community repositories face increased risk of supply chain compromise, particularly when models originate from high-profile releases.
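
One way a consuming organization can catch this kind of look-alike before download is to gate every requested repository id against an allowlist. The sketch below is an added example, not code from the article, OpenAI or Hugging Face; the function names, the allowlist contents and the similarity threshold are assumptions.

```python
import difflib

# Assumption: the organization has vetted only the legitimate repo named above.
TRUSTED_REPOS = {"openai/privacy-filter"}
LOOKALIKE_THRESHOLD = 0.8  # assumed cut-off for near-identical namespaces


def _split(repo_id):
    """Return (namespace, name) lowercased; raise on a malformed id."""
    parts = repo_id.strip().lower().split("/")
    if len(parts) != 2 or not all(parts):
        raise ValueError(f"expected 'namespace/name', got {repo_id!r}")
    return parts[0], parts[1]


def classify_repo(repo_id, trusted=TRUSTED_REPOS):
    """Classify a requested repo id as trusted, impersonation or unknown."""
    namespace, name = _split(repo_id)
    # Exact, case-sensitive match only: any variation is treated as suspect.
    if repo_id in trusted:
        return "trusted", "exact allowlist match"
    for entry in sorted(trusted):
        t_ns, t_name = _split(entry)
        # Same model name published under a namespace that was not vetted.
        if name == t_name:
            return "impersonation", f"name of {entry} under {namespace!r}"
        # Namespace that is a near-copy of a vetted publisher.
        ratio = difflib.SequenceMatcher(None, namespace, t_ns).ratio()
        if ratio >= LOOKALIKE_THRESHOLD:
            return "impersonation", f"{namespace!r} resembles {t_ns!r}"
    return "unknown", "not on the allowlist; review before use"


if __name__ == "__main__":
    # The first two ids are from the article; the last two are constructed.
    for rid in ("openai/privacy-filter", "Open-OSS/privacy-filter",
                "0penai/some-model", "example-org/other-model"):
        print(rid, "->", classify_repo(rid))
```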

---
- **Source**: The Hacker News Echo RSS
- **Sector**: The Lab
- **Tags**: supply-chain-attack, malicious-repository, openai, privacy-filter, hugging-face
- **Credibility**: unverified
- **Published**: 2026-05-11 11:40:29
- **ID**: 81808
- **URL**: https://whisperx.ai/en/intel/81808