Pulse: Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw
Author: AlienVault
Created: 2026-05-11
Modified: 2026-05-11
TLP: WHITE
43 IOCs (medium volume)
Threat actors are actively exploiting AI distribution platforms like Hugging Face and ClawHub to deliver malware by embedding malicious code within models, datasets, and agent extensions. Over 575 malicious skills across 13 developer accounts were identified in the OpenClaw ecosystem, targeting Windows and macOS with trojans, cryptominers, and AMOS stealer. Attackers abuse trust relationships between users and AI platforms through indirect prompt injection, where hidden instructions cause AI agents to execute malicious actions on behalf of users. Trojanized skills masquerade as legitimate tools while instructing users to execute encoded commands or install hidden malicious dependencies. On Hugging Face, repositories host payloads within multistep infection chains disguised as legitimate applications. These campaigns employ social engineering, obfuscation, encryption, in-memory execution, process injection, and persistence techniques to evade detection while establishing covert command-and-control communica...
Indicators of Compromise (7 of 43 total shown)

TYPE   INDICATOR                                       DESCRIPTION   CREATED
URL    http://91.92.242.30/1v07y9e1m6v7thl6            -             2026-05-11
URL    http://91.92.242.30/6wioz8285kcbax6v            -             2026-05-11
URL    https://glot.io/snippets/hfd3x9ueu5             -             2026-05-11
URL    https://glot.io/snippets/hfdxv8uyaf             -             2026-05-11
URL    https://install.app-distribution.net/setup/     -             2026-05-11
URL    https://velvet-parrot.com                       -             2026-05-11
URL    https://velvet-parrot.com:443                   -             2026-05-11