05/07/2026 | Press release | Distributed by Public on 05/07/2026 13:30
Earlier this afternoon on the 7th of May 2026, we identified malicious code in the Hugging Face repository Open-OSS/privacy-filter, which currently appears among the platform's top trending repositories with over 200k (likely artificially inflated) downloads in the past day. The repository typosquats OpenAI's legitimate Privacy Filter release, copies its model card nearly verbatim, and ships a loader.py file that fetches and executes infostealer malware on Windows machines.
If you have cloned this repository and executed start.bat or loader.py on a Windows machine, assume the system is compromised. Disconnect it from sensitive networks, rotate any credentials accessible from that host (including SSH keys, cloud provider tokens, browser-stored passwords, and .env files in nearby project directories), run a full scan with up-to-date endpoint protection, and check for signs of further compromise.
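To check whether a host holds a copy, the added example below (not part of the original advisory and not Hugging Face tooling) walks the Hugging Face hub cache and the user's home directory for a cached download or git clone of Open-OSS/privacy-filter and reports whether loader.py or start.bat is present. The function names, the choice of scan roots and the substring match on the remote URL are assumptions made for this example.

```python
import os
import re
from pathlib import Path

REPO_ID = "Open-OSS/privacy-filter"                  # repository named in the advisory
CACHE_DIR = "models--" + REPO_ID.replace("/", "--")  # hub cache folder name for a model repo
FLAGGED = ("loader.py", "start.bat")                 # files named in the advisory
URL_RE = re.compile(r"^\s*url\s*=\s*(\S+)", re.MULTILINE)


def default_roots():
    """Hub cache (honouring HF_HUB_CACHE / HF_HOME) plus the home directory (assumed scope)."""
    hf_home = Path(os.environ.get("HF_HOME", Path.home() / ".cache" / "huggingface"))
    return [Path(os.environ.get("HF_HUB_CACHE", hf_home / "hub")), Path.home()]


def is_clone_of_repo(directory):
    """True if directory/.git/config lists a remote URL containing REPO_ID (substring match)."""
    try:
        text = (directory / ".git" / "config").read_text(encoding="utf-8", errors="replace")
    except OSError:
        return False
    return any(REPO_ID.lower() in url.lower() for url in URL_RE.findall(text))


def find_copies(roots):
    """Return sorted (kind, path, flagged_files_present) tuples for copies found under roots."""
    findings = set()
    for root in roots:
        for current, dirs, _files in os.walk(root):
            here = Path(current)
            if here.name.lower() == CACHE_DIR.lower():
                kind = "hub-cache"
            elif is_clone_of_repo(here):
                kind = "git-clone"
            else:
                continue
            present = {f for _, _, fs in os.walk(here) for f in fs if f.lower() in FLAGGED}
            findings.add((kind, str(here), tuple(sorted(present))))
            dirs[:] = []  # a copy is reported once; do not descend into it
    return sorted(findings)


if __name__ == "__main__":
    for kind, path, present in find_copies(default_roots()):
        print(f"{kind}\t{path}\tflagged files: {', '.join(present) or 'none found'}")
```

A hit shows only that the files are on disk, not that start.bat or loader.py was executed, and a copy downloaded without git into a custom directory is not detected by this scan.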
We have reported the repository to Hugging Face's security team and are publishing this advisory to alert users who may have already installed the package. We will update this post as the situation develops.