Malicious Hugging Face Repository Typosquats OpenAI
ID: 2595e3c1-4195-5082-95f1-fd363fa09c89
STIX ID: report--2595e3c1-4195-5082-95f1-fd363fa09c89
Feed Name: Infosecurity Magazine (News)
Security researchers identified a typosquatted Hugging Face repository (Open-OSS/privacy-filter) distributing a Rust-based infostealer via a loader script (start.bat / python loader.py). The malware, which appeared to have artificially inflated popularity, drops a credential-harvesting executable that steals browser passwords, session cookies, Discord tokens, crypto wallets, Telegram sessions and more. It employs sandbox/VM/debugger checks and attempts to disable AMSI/ETW. The vendor advises treating affected hosts as fully compromised, wiping them, rotating all credentials and moving crypto funds to clean devices.
