Hugging Face Repo Malware: OpenAI Copycat Clone

Added: 2026-05-16

[00:00:00]Malicious hugging face repository that reached the platform's trending list and impersonated OpenAI's privacy filter project to deliver information-stealing malware to Windows users. The repository briefly reached number one on hugging face and accumulated nearly a quarter of a million downloads before the platform responded to reports and removed it. Researchers at Hidden Layer Oh, come on.

[00:00:26]A company focused on safeguarding AI and ML models against attacks discovered the campaign on May 7th. So, that's just a couple days ago. After noticing the malicious repository named open oss/privacyfilter.

[00:00:42]The repository had typo-squatted OpenAI's legitimate privacy filter release, copied its model card nearly verbatim, and shipped a loader.py file that fetches and executes info-stealer malware on Windows machines.

[00:01:03]So, going back to the copycat clones, right? Is that it's something that looks and feels almost identical to like a real thing, except there are small pieces of it that are malware. And in this case, it sounds like they did a pretty good job. This typo-squatting thing, if I understand correctly, is basically leveraging fact that there could be a a minor mis-type.

[00:01:31]Like I was saying before, you see a Claude code ad, and it looks exactly like Anthropic and all this stuff, and but really it's not coming from Anthropic, it comes from Anthropia.

[00:01:44]Like that's an example of like these typo-squatters is they're making really minor change, but it's almost invisible.

[00:01:51]And so, unless you look at it really closely, you might miss it.