
Fake OpenAI Repository on Hugging Face Targets Crypto Wallets

Pieter van Meer

Security researchers have uncovered a sophisticated malicious campaign targeting the artificial intelligence developer community on the Hugging Face platform. A fraudulent repository, designed to impersonate a legitimate OpenAI privacy filter, successfully bypassed initial security scrutiny to reach the top of the trending list before being identified as a distribution point for potent spyware. The incident highlights a growing trend of "repo-jacking" and supply chain attacks aimed at stealing cryptocurrency seed phrases and sensitive credentials from developers and AI enthusiasts.

Mechanism of the Six-Stage Spyware Attack

The malicious package was engineered with a high degree of technical sophistication to evade standard detection methods. According to an analysis by security firm HiddenLayer, the repository utilized a multi-stage infection chain to compromise host systems.

  • The process begins with a script named loader.py, which is responsible for disabling local security software.
  • It triggers a silent PowerShell execution to maintain a low profile.
  • The final payload, written in the Rust programming language, is downloaded and executed with elevated SYSTEM privileges.
  • The malware features environmental awareness, detecting virtual machines to avoid analysis by security researchers.

Targeting Digital Assets and Developer Data

The primary objective of the attackers appears to be the exfiltration of high-value data, with a specific focus on cryptocurrency assets. Once the Rust-based payload is active, it systematically scans the infected machine for various sensitive files.

The malware steals passwords from Chrome and Firefox, cryptocurrency wallet seed phrases, SSH keys, FTP credentials, and Discord tokens.

Beyond credential harvesting, the spyware is capable of taking periodic screenshots of the user's desktop, transmitting them directly to the attacker's command-and-control server. This allows hackers to capture private keys or recovery phrases that might be displayed on screen during wallet setup or management.

Manipulation of Platform Metrics

Before its removal, the repository achieved significant visibility, garnering approximately 244,000 downloads and 667 likes within an 18-hour window. However, investigation revealed that the popularity of the project was largely manufactured. HiddenLayer confirmed that 657 of the likes originated from bot accounts, a tactic used to exploit the Hugging Face trending algorithm and gain the trust of unsuspecting users.

The prevalence of such attacks underscores the critical need for vigilance when integrating third-party repositories into development workflows. Users are advised to verify the authenticity of publishers and inspect source code before execution, particularly when dealing with tools that claim to represent major entities like OpenAI. As the intersection of AI and blockchain technology grows, these platforms will likely remain high-priority targets for cybercriminals seeking to drain digital wallets.
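One way to act on the advice to inspect source code before execution, shown as an added example that is not from the article or from HiddenLayer's analysis: a static triage pass over the Python files of a downloaded, not yet executed, repository snapshot. It flags process-execution calls and shell references, the kind of behaviour the article attributes to loader.py. The call list, shell keywords and both sample files are assumptions constructed for illustration.

```python
import ast
import pathlib
import tempfile

# Assumed heuristics for this example. They are deliberately broad: a hit means
# "read this line before running anything", not "this file is malicious".
EXEC_CALLS = {"system", "popen", "run", "call", "check_output", "Popen", "exec", "eval"}
SHELL_WORDS = ("powershell", "pwsh", "cmd.exe")

def scan_source(source, name="<memory>"):
    """Return sorted (line, reason) findings for one Python source string."""
    try:
        tree = ast.parse(source, filename=name)
    except (SyntaxError, ValueError) as exc:
        # Code that will not parse cannot be cleared automatically.
        return [(getattr(exc, "lineno", None) or 0, "unparseable: review by hand")]
    findings = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            called = getattr(node.func, "attr", None) or getattr(node.func, "id", None)
            if called in EXEC_CALLS:
                findings.add((node.lineno, f"process/code execution call: {called}"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            for word in SHELL_WORDS:
                if word in node.value.lower():
                    findings.add((node.lineno, f"shell reference: {word}"))
    return sorted(findings)

def scan_repo(root):
    """Scan every .py file under a repo snapshot; map relative path -> findings."""
    report = {}
    for path in sorted(pathlib.Path(root).rglob("*.py")):
        hits = scan_source(path.read_text(errors="replace"), str(path))
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report

# Constructed sample input, not the real loader.py from the campaign.
SAMPLE_LOADER = ("import subprocess\n"
                 "subprocess.run(['powershell', '-WindowStyle', 'Hidden', '-Command', 'exit'])\n")
SAMPLE_CLEAN = "import json\n\ndef read_config(text):\n    return json.loads(text)\n"

def scan_constructed_samples():
    with tempfile.TemporaryDirectory() as tmp:
        root = pathlib.Path(tmp)
        (root / "loader.py").write_text(SAMPLE_LOADER)
        (root / "config_utils.py").write_text(SAMPLE_CLEAN)
        return scan_repo(root)
```

Because the scan only parses the files and never imports them, it is safe to run on an untrusted snapshot; obfuscated or non-Python payloads will not be caught and still need manual review.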