There's this new "model" on Hugging Face titled Open-OSS/privacy-filter which is actually a customized infostealer virus. It's a fake version of the OpenAI privacy filter and it uses a Python-based dropper (loader.py) which downloads a malicious PowerShell command from the internet, which spawns another PowerShell command and downloads a shady EXE file and runs it using Task Scheduler.
Here's a behavior analysis of what the EXE does: https://tria.ge/260507-tnftrsfx5x/behavioral1
I also reported both the dropper and the EXE to Microsoft.
I also reported the repo to HF.
If you use Linux (which is easier to use for AI/ML) you are unaffected as this is a Windows virus.
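As an added example (not from the post, and not based on the contents of the real loader.py, which the post does not show): a static check that can be run over a downloaded model repo before any of its Python is executed, flagging files that both spawn a process and mention PowerShell or Task Scheduler. The call lists, marker strings and verdict names are assumptions chosen for illustration.

```python
import ast
import pathlib

# Heuristic call lists (assumptions of this example, not taken from the real loader.py).
SPAWN = {"os.system", "os.popen", "subprocess.run", "subprocess.Popen",
         "subprocess.call", "subprocess.check_call", "subprocess.check_output"}
FETCH = {"urllib.request.urlopen", "urllib.request.urlretrieve",
         "requests.get", "requests.post"}
SHELL_MARKERS = ("powershell", "pwsh", "schtasks")

def dotted(node):
    """Rebuild a dotted call name such as 'subprocess.run' from the AST."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        return dotted(node.value) + "." + node.attr
    return ""

def scan_source(source, filename="<repo file>"):
    """Return sorted (line, kind, detail) findings for one Python file."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Call):
            name = dotted(node.func)
            if name in SPAWN:
                findings.append((node.lineno, "spawn", name))
            elif name in FETCH:
                findings.append((node.lineno, "fetch", name))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            for marker in SHELL_MARKERS:
                if marker in node.value.lower():
                    findings.append((node.lineno, "marker", marker))
    return sorted(findings)

def verdict(findings):
    kinds = {kind for _, kind, _ in findings}
    if {"spawn", "marker"} <= kinds:
        return "block"    # process spawn plus a Windows shell/scheduler string
    return "review" if kinds else "ok"

def scan_repo(root):
    """Map every .py file under a downloaded repo snapshot to a verdict."""
    results = {}
    for path in pathlib.Path(root).rglob("*.py"):
        try:
            text = path.read_text(errors="replace")
            results[str(path)] = verdict(scan_source(text, str(path)))
        except (SyntaxError, ValueError):
            results[str(path)] = "review"  # unparsable code still needs a human look
    return results

# Constructed sample, not the real dropper: same shape, placeholder command.
SAMPLE = 'import subprocess\nsubprocess.run(["powershell", "-Command", "<placeholder>"])\n'
```

An "ok" verdict is not proof of safety: aliased imports such as `from subprocess import run`, encoded strings and non-Python payloads pass this check, so it only serves as a first filter before manual review or sandboxing.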