
Malware Found in Trending Hugging Face Repository "Open-OSS/privacy-filter"

By HiddenLayer Research Team

May 7, 2026


Summary

Earlier this afternoon on the 7th of May 2026, we identified malicious code in the Hugging Face repository Open-OSS/privacy-filter, which currently appears among the platform's top trending repositories with over 200k (likely artificially inflated) downloads in the past day. The repository typosquats OpenAI's legitimate Privacy Filter release, copies its model card nearly verbatim, and ships a loader.py file that fetches and executes infostealer malware on Windows machines.

Recommended actions

If you have cloned this repository and executed start.bat or loader.py on a Windows machine, assume the system is compromised. Disconnect it from sensitive networks, rotate any credentials accessible from that host (including SSH keys, cloud provider tokens, browser-stored passwords, and .env files in nearby project directories), run a full scan with up-to-date endpoint protection, and check for signs of further compromise.
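One way to triage a host for the condition above, added here as an example and not HiddenLayer's code: it finds local copies of the repository (a git clone whose remote names it, or a Hugging Face hub cache folder, which is named `models--<org>--<name>`), reports whether start.bat or loader.py is present, and lists .env files to rotate. Searching under the home directory and `HF_HOME`, and treating the copy's parent directory as "nearby", are assumptions.

```python
import os
from pathlib import Path

REPO_ID = "Open-OSS/privacy-filter"                       # repository named in the advisory
CACHE_DIR_NAME = "models--" + REPO_ID.replace("/", "--")  # Hugging Face hub cache folder name
LAUNCHERS = ("start.bat", "loader.py")                    # files named in the advisory

def is_repo_copy(path):
    """True if path is a hub-cache entry for REPO_ID or a git clone of it."""
    if path.name == CACHE_DIR_NAME:
        return True
    try:
        config = (path / ".git" / "config").read_text(errors="ignore")
    except OSError:                      # no .git/config here, or unreadable
        return False
    return REPO_ID.lower() in config.lower()

def find_copies(roots):
    """Walk each root; return {copy_dir: sorted launcher files found inside it}."""
    hits = {}
    for root in roots:
        for dirpath, dirnames, _ in os.walk(root):
            here = Path(dirpath)
            if is_repo_copy(here):
                hits[str(here)] = sorted(
                    str(f) for f in here.rglob("*") if f.name in LAUNCHERS)
                dirnames[:] = []         # already inspected; do not descend
    return hits

def nearby_env_files(copy_dir):
    """.env files under the copy's parent directory (assumed meaning of 'nearby')."""
    parent = Path(copy_dir).parent
    return sorted(str(f) for f in parent.rglob(".env*") if f.is_file())

if __name__ == "__main__":
    # Assumption: copies live under the home directory or a relocated HF_HOME.
    roots = {str(Path.home()), os.environ.get("HF_HOME", str(Path.home()))}
    for copy, launchers in find_copies(roots).items():
        print("repository copy:", copy)
        for f in launchers:
            print("  launcher present:", f)
        for f in nearby_env_files(copy):
            print("  rotate secrets in:", f)
```

A launcher file on disk shows the repository was downloaded, not that it was executed; use the result to decide which hosts need the steps above.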

IOCs

Disclosure

We have reported the repository to Hugging Face's security team and are publishing this advisory to alert users who may have already installed the package. We will update this post as the situation develops.
