
A malicious repository on Hugging Face, posing as an OpenAI release, delivered infostealer malware to Windows machines. The repository, named 'Open-OSS/privacy-filter', recorded around 244,000 downloads before it was removed, although that figure may have been artificially inflated. The malware harvested browser data, cryptocurrency wallets, and other sensitive information. The incident underlines a risk of public AI model registries: developers routinely clone models straight into workstations and build environments that hold credentials or can reach critical systems, so a repository that delivers a payload instead of a clean model lands exactly where an infostealer wants to be. Hugging Face has since taken the repository down.
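As an added check (not code from the original article or from Hugging Face), the following script audits a cloned model repository before anything in it is loaded. The article does not say how the payload was delivered, so the check is generic: it flags Windows executables and scripts by extension and by the 'MZ' header, and flags pickle-based weight files, which run arbitrary code when loaded. The directory layout, file names and contents in build_sample_repo are constructed for the demonstration; all function names are this example's own.

```python
"""Audit a cloned model repository for files that should never be loaded blindly.

Added example, not code from the original article or from Hugging Face. The
article does not say how the payload was delivered; this check is generic.
"""
import tempfile
import zipfile
from pathlib import Path
from typing import Dict, List

# Extensions that have no business in a model repository.
RISKY_EXT = {".exe", ".dll", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".msi", ".lnk"}
# Extensions that are (or usually wrap) pickle: loading them executes code.
PICKLE_EXT = {".pkl", ".pickle", ".bin", ".pt", ".pth", ".ckpt"}
# Formats that can be parsed without executing anything.
SAFE_EXT = {".safetensors", ".json", ".txt", ".md", ".gguf", ".onnx"}


def looks_like_pe(path: Path) -> bool:
    """True if the file starts with the 'MZ' DOS header of a Windows PE binary."""
    try:
        with path.open("rb") as f:
            return f.read(2) == b"MZ"
    except OSError:
        return False


def looks_like_pickle(path: Path) -> bool:
    """True if the file starts with a pickle PROTO opcode (0x80, protocol 2-5)
    or is a zip archive holding a .pkl member (the torch.save layout)."""
    try:
        with path.open("rb") as f:
            head = f.read(2)
        if len(head) == 2 and head[0] == 0x80 and 2 <= head[1] <= 5:
            return True
        if zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as z:
                return any(n.endswith(".pkl") for n in z.namelist())
    except (OSError, zipfile.BadZipFile):
        pass
    return False


def audit_repo(root: str) -> Dict[str, List[str]]:
    """Walk root and bucket every file as 'executable', 'pickle' or 'unknown'.
    Content checks run regardless of extension, so a renamed binary is still caught."""
    findings: Dict[str, List[str]] = {"executable": [], "pickle": [], "unknown": []}
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file():
            continue
        rel = str(p.relative_to(root))
        ext = p.suffix.lower()
        if ext in RISKY_EXT or looks_like_pe(p):
            findings["executable"].append(rel)
        elif ext in PICKLE_EXT or looks_like_pickle(p):
            findings["pickle"].append(rel)
        elif ext not in SAFE_EXT:
            findings["unknown"].append(rel)
    return findings


def build_sample_repo(root: str) -> None:
    """Constructed sample tree (not a real repository): a benign safetensors
    file, a pickle payload posing as weights, and a PE binary renamed to .txt."""
    r = Path(root)
    r.mkdir(parents=True, exist_ok=True)
    (r / "config.json").write_text("{}")
    (r / "model.safetensors").write_bytes(b"\x00" * 16)
    (r / "weights.bin").write_bytes(b"\x80\x04\x95" + b"\x00" * 8)  # pickle protocol 4 header
    (r / "README.txt").write_bytes(b"MZ\x90\x00" + b"\x00" * 12)   # PE header hidden behind .txt
    (r / "setup.ps1").write_text("Write-Host hi")


def demo() -> Dict[str, List[str]]:
    """Build the constructed sample tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as d:
        build_sample_repo(d)
        return audit_repo(d)


if __name__ == "__main__":
    for bucket, files in demo().items():
        print(f"{bucket}: {files}")
```

Run audit_repo against a snapshot fetched with huggingface_hub's snapshot_download before calling any load function, and quarantine anything in the executable or pickle buckets. Prefer safetensors weights where the publisher offers them, since that format carries no code path at load time.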