
Security researchers have discovered that a Hugging Face repository named Open-OSS/privacy-filter is distributing a sophisticated credential-harvesting infostealer.
The threat actors artificially inflated the repository’s popularity to reach the top trending spot, using fake accounts to generate hundreds of likes in a matter of hours.
If a user clones this repository or related ones and executes any file on a Windows host, the system is immediately compromised.
Cybersecurity experts strongly advise victims to treat their machines as fully breached, prioritizing a complete system reimage over standard cleanup procedures.
Hugging Face Repo Spreads Malware
The attack begins when a victim visits the compromised Hugging Face repository, which uses a model card copied directly from a legitimate project to appear authentic.
The repository instructs users to run specific scripts that appear harmless and do execute decoy code.
Alongside that decoy, however, the script turns off SSL verification and fetches a command from a public JSON paste service, allowing the attackers to update the payload without altering the repository itself.
This hidden PowerShell command executes silently and targets Windows systems specifically, while failing harmlessly on Linux and macOS.
Following this, a second-stage downloader fetches a batch file that mimics a blockchain analytics API. This file checks for administrator privileges, downloads the final payload, and adds Microsoft Defender exclusions to evade detection.
Organizations and individuals affected by this malware must take immediate and decisive action.
Victims must completely isolate the infected host and avoid logging into any accounts from the compromised machine.
It is critical to rotate all credentials stored in browsers, password managers, and credential stores, as session cookies can bypass multi-factor authentication.
Users should also generate new cryptocurrency wallets on a clean device and invalidate all Discord sessions.
Security teams should block the associated network indicators at the egress point and conduct historical threat hunting to identify any other compromised hosts within their network.
Researchers from HiddenLayer and Panther have observed related malicious activities and identified multiple repositories under the user account anthfu that contain identical loader scripts.
Furthermore, the infrastructure used in this campaign shares domains with previously documented npm typosquatting operations.
This shared infrastructure strongly suggests that these attacks are part of a broader, coordinated supply chain operation aimed at infiltrating open-source ecosystems.
Indicators of Compromise
| Indicator Type | Value | Description |
|---|---|---|
| Domain | api[.]eth-fastscan[.]org | Hosting update.bat and infostealer payload |
| Domain | recargapopular[.]com | Infostealer C2 |
| Domain | welovechinatown[.]info | WinOS 4.0 C2 |
Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.
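For the historical threat hunting recommended above, the following added example (not code from the researchers or the original article) re-fangs the three domains from the table in memory and matches them, including subdomains, against DNS query logs, grouping hits by host. The log format, host names and sample lines are constructed assumptions; adapt the regular expression to your resolver or proxy export.

```python
import re
from collections import defaultdict
# Defanged domains copied from the IoC table above.
DEFANGED_IOCS = {
    "api[.]eth-fastscan[.]org": "hosting update.bat and infostealer payload",
    "recargapopular[.]com": "infostealer C2",
    "welovechinatown[.]info": "WinOS 4.0 C2",
}

def refang(indicator):
    """Re-fang in memory only, so live names never land in tickets or docs."""
    return indicator.replace("[.]", ".").lower().rstrip(".")

IOCS = {refang(k): v for k, v in DEFANGED_IOCS.items()}

def match_ioc(qname):
    """Return the IoC that qname equals or is a subdomain of, else None."""
    name = qname.lower().rstrip(".")  # DNS is case-insensitive; drop root dot
    for ioc in IOCS:
        if name == ioc or name.endswith("." + ioc):
            return ioc
    return None

# Assumed log format: "<ISO timestamp> <client host> <queried name>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")

def hunt(lines):
    """Map each client host to its sorted (timestamp, ioc) hits."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the hunt
        ts, host, qname = m.groups()
        ioc = match_ioc(qname)
        if ioc:
            hits[host].append((ts, ioc))
    return {h: sorted(v) for h, v in hits.items()}

# Constructed sample lines, not real telemetry.
SAMPLE_LOG = """\
2025-01-01T09:00:01Z ws-014 huggingface.co
2025-01-01T09:00:07Z ws-014 API.eth-fastscan.org.
2025-01-01T09:00:09Z ws-014 cdn.recargapopular.com
2025-01-01T09:01:00Z ws-022 notrecargapopular.com
2025-01-01T09:02:00Z ws-031 welovechinatown.info
garbage line
""".splitlines()
if __name__ == "__main__": print(hunt(SAMPLE_LOG))
```

Matching on a label boundary (`"." + ioc`) keeps look-alike names such as `notrecargapopular.com` from producing false positives, and the parent zone `eth-fastscan.org` is deliberately not matched because the table lists only the `api` host.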
The post Popular Hugging Face Repo With 200K Downloads Executes Windows Malware appeared first on Cyber Security News.
