← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - Malware Found in Trending Hugging Face Repository "Open-OSS/privacy-filter"
WHITE celestre 2026-05-14 Modified: 2026-05-14
11
IOCs
MEDIUM VOLUME
On the 7th of May 2026, we identified malicious code in the Hugging Face repository Open-OSS/privacy-filter, which at the time appeared among the platform's top trending repositories with over 200k downloads until its removal by the Hugging Face team. The repository had typosquatted OpenAI's legitimate Privacy Filter release, copied its model card nearly verbatim, and shipped a loader.py file that fetches and executes infostealer malware on Windows machines.
hugging faceinfostealerwinosc2 ipspowershellfile hashessha256payload
Indicators of Compromise (11)
All FileHash-SHA256 IPv4 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 04f0569971ac7ff81c8656e8453a69189d8870040044909dad45c04c567e7564 2026-05-14
FileHash-SHA256 4fba92a34fd9338293de53444bc9f05c278897d903a24efb95fde0522b3d50c0 2026-05-14
FileHash-SHA256 6d5b1b7b9b95f2074094632e3962dc21432c2b7dccfbbe2c7d61f724ffcfea7c 2026-05-14
FileHash-SHA256 6db01158b044f178c45754666e2cbc0365f394e953fbf99ec34aa5304d5b79b1 2026-05-14
FileHash-SHA256 ba67720dd115293ec5a12d08be6b0ee982227a4c5e4662fb89269c76556df6e0 2026-05-14
FileHash-SHA256 c1b59cc25bdc1fe3f3ce8eda06d002dda7cb02dea8c29877b68d04cd089363c7 2026-05-14
IPv4 89.124.93.110 CC=IE ASN=AS25441 imagine communications group limited 2026-05-14
URL http://jsonkeeper.com/b/AVNNE 2026-05-14
domain jsonkeeper.com 2026-05-14
domain recargapopular.com 2026-05-14
hostname api.eth-fastscan.org 2026-05-14
References (1)
↗ https://www.hiddenlayer.com/research/malware-found-in-trending-hugging-face-repository-open-oss-privacy-filter#iocs