PULSE NAME
Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw
WHITE PetrP.73 2026-05-08 Modified: 2026-05-08
46 IOCs, MEDIUM VOLUME
Recent investigations by the Acronis Threat Research Unit highlight how cyber threat actors exploit AI distribution platforms, particularly Hugging Face and ClawHub, to deliver malware. These platforms are trusted repositories for AI models and tools, and they have become prime targets for attackers because of the inherent trust users place in their content. Attackers embed malicious functionality in software designed for AI ecosystems and use the platforms' own features to extend the reach and impact of their malware beyond typical single-system compromises.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
Moltbot macOS ITHKRPAW FAKESECURITY AMOS OpenClaw Threat
Indicators of Compromise (7 / 46 total)