Malicious Repository on Hugging Face Promotes Infostealer Malware
Malicious Repository Impersonates OpenAI Project to Spread Infostealer Malware
A recent discovery by researchers at HiddenLayer has shed light on a fake repository on the Hugging Face platform that posed as OpenAI’s Privacy Filter project. This malicious repository was designed to deploy an information-stealing malware on Windows devices.
Briefly Topped Platform’s Trending List
The fake repository managed to top the Hugging Face platform’s trending list, garnering an impressive 244,000 interactions before being taken down. The platform allows developers and researchers to share AI models, datasets, and machine learning tools.
Exploiting Feature to Deploy Malware
The malicious repository exploited this sharing model by copying the legitimate Privacy Filter release, including its model card nearly verbatim, and shipping a loader.py file that downloads and executes infostealer malware on Windows machines.
According to the researchers, “the loader.py Python script contained fake AI-related code to appear innocuous, but in reality, it disabled SSL verification, decoded a base64 URL pointing to an external resource, and then fetched and executed a JSON payload containing a PowerShell command.”
This command was executed in an invisible window, allowing the malware to remain undetected. The final payload is a Rust-based infostealer that targets sensitive data, including browser data from Chromium- and Gecko-based browsers, Discord tokens, local databases, cryptocurrency wallets, SSH, FTP, and VPN credentials, and system information.
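A static pre-execution check for the three loader.py traits quoted above (SSL verification disabled, base64 decoding, process execution), as an added example that is not HiddenLayer's tooling or code from the repository; the indicator list, function names and sample strings are assumptions constructed for illustration.

```python
import ast

# Call names as written in source, mapped to the loader trait they indicate.
# The list is an assumption for this example, not an exhaustive rule set.
INDICATORS = {
    "ssl._create_unverified_context": "tls-verification-disabled",
    "base64.b64decode": "base64-decoding",
    "subprocess.run": "process-execution",
    "subprocess.Popen": "process-execution",
    "subprocess.call": "process-execution",
    "os.system": "process-execution",
}

# Constructed, inert samples: they are parsed by the scanner, never executed.
SAMPLE_SUSPECT = (
    "import base64, ssl, subprocess\n"
    "ctx = ssl._create_unverified_context()\n"
    "data = base64.b64decode('Y29uc3RydWN0ZWQ=')\n"
    "subprocess.run(['placeholder-command'])\n"
)
SAMPLE_BENIGN = "import base64\nweights = base64.b64decode('Y29uc3RydWN0ZWQ=')\n"

def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, or '' for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""

def scan_source(source):
    """Return sorted (line, trait) findings for one Python source string."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        trait = INDICATORS.get(dotted_name(node.func))
        if trait:
            findings.add((node.lineno, trait))
        for kw in node.keywords:  # e.g. requests.get(url, verify=False)
            if kw.arg == "verify" and isinstance(kw.value, ast.Constant) and kw.value.value is False:
                findings.add((node.lineno, "tls-verification-disabled"))
    return sorted(findings)

def is_loader_like(source):
    """True when all three traits from the write-up appear in the same file."""
    return {trait for _, trait in scan_source(source)} >= set(INDICATORS.values())
```

The check matches names as written, so aliased imports such as `from base64 import b64decode` are not caught; a hit is a reason to read the file before running it, not a verdict.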
Extensive Anti-Analysis Features
HiddenLayer highlighted the malware’s extensive anti-analysis features, designed to evade analysis systems, including checks for virtual machines, sandboxes, debuggers, and analysis tools. The researchers noted that the exact number of victims in this incident remains unclear, although they found that 667 accounts had interacted with the malicious repository, with most appearing to be auto-generated.
Additional Repositories Exploiting Loader Infrastructure
The researchers discovered additional repositories that utilized the same malicious loader infrastructure and identified overlaps with a previous npm typosquatting campaign distributing the WinOS 4.0 implant. This suggests that threat actors continue to abuse Hugging Face and other platforms to spread malicious software.
