← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Malware Found in Trending Hugging Face Repository Open-OSS/privacy-filter
WHITE PetrP.73 2026-05-13 Modified: 2026-05-13
27
IOCs
MEDIUM VOLUME
On May 7, 2026, malicious code was discovered in the Hugging Face repository Open-OSS/privacy-filter, which had gained significant traction, amassing over 200,000 downloads within a single day prior to its removal. This repository utilized typosquatting techniques on OpenAI's genuine Privacy Filter, closely replicating its model card while incorporating a harmful http://loader.py file intended to deliver infostealer malware to Windows machines.
hugging facehuggingfaceopenaiwindowstempprivacy filterjsonkeeperjson pastelocalappdataappdataaprilwinosdiscordpantherinfostealerpowershellpayloadjson
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (27)
All FileHash-SHA256 IPv4 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 04f0569971ac7ff81c8656e8453a69189d8870040044909dad45c04c567e7564 2026-05-13
FileHash-SHA256 4fba92a34fd9338293de53444bc9f05c278897d903a24efb95fde0522b3d50c0 2026-05-13
FileHash-SHA256 6d5b1b7b9b95f2074094632e3962dc21432c2b7dccfbbe2c7d61f724ffcfea7c 2026-05-13
FileHash-SHA256 6db01158b044f178c45754666e2cbc0365f394e953fbf99ec34aa5304d5b79b1 2026-05-13
FileHash-SHA256 ba67720dd115293ec5a12d08be6b0ee982227a4c5e4662fb89269c76556df6e0 2026-05-13
FileHash-SHA256 c1b59cc25bdc1fe3f3ce8eda06d002dda7cb02dea8c29877b68d04cd089363c7 2026-05-13
IPv4 89.124.93.110 CC=IE ASN=AS25441 imagine communications group limited 2026-05-13
URL http://api.eth-fastscan.org/sefirah 2026-05-13
URL http://api.eth-fastscan.org/update.bat 2026-05-13
URL http://api.eth-fastscan.org/update.bat' 2026-05-13
URL http://jsonkeeper.com/b/AVNNE 2026-05-13
domain chromium.rs 2026-05-13
domain debug.rs 2026-05-13
domain discord.rs 2026-05-13
domain eth-fastscan.org 2026-05-13
domain extensions.rs 2026-05-13
domain files.rs 2026-05-13
domain gecko.rs 2026-05-13
domain identity.rs 2026-05-13
domain jsonkeeper.com 2026-05-13
domain loader.rs 2026-05-13
domain recargapopular.com 2026-05-13
domain resolve.rs 2026-05-13
domain screenshots.rs 2026-05-13
domain wallets.rs 2026-05-13
domain welovechinatown.info 2026-05-13
hostname api.eth-fastscan.org 2026-05-13
References (1)
↗ https://www.hiddenlayer.com/research/malware-found-in-trending-hugging-face-repository-open-oss-privacy-filter