Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
highnews
security
Source: The Hacker NewsMay 11, 2026
Summary
A fake repository on Hugging Face (a platform for sharing AI models) impersonated OpenAI's Privacy Filter model and tricked 244,000 users into downloading malware disguised as a legitimate tool. The malicious repository copied the real project's description verbatim and included a loader script that deployed an information stealer, a type of malware that harvests sensitive data like passwords, screenshots, and cryptocurrency wallet information from Windows machines.
Solution / Mitigation
Access to the malicious model has since been disabled by Hugging Face.
Classification
Attack Type
Supply Chain
Attack SophisticationModerate
Impact (CIA+S)
confidentialityintegrity
Affected Vendors
OpenAIHuggingFace
Related Issues
Monthly digest — independent AI security research
Original source: https://thehackernews.com/2026/05/fake-openai-privacy-filter-repo-hits-1.html
First tracked: May 11, 2026 at 08:00 AM
Classified by LLM (prompt v3) · confidence: 95%