A lookalike repository impersonating OpenAI’s Privacy Filter model racked up 244,000 downloads in under 18 hours before Hugging Face pulled it.
Source: Decrypt
Fake OpenAI Repo Hit #1 on Hugging Face—And Stole Passwords While It Trended
A counterfeit OpenAI repository surged to the top of Hugging Face's trending list, raising significant security concerns as it was designed to steal user passwords. The malicious repo tricked users into downloading a harmful package that mimicked legitimate OpenAI offerings. As it gained popularity, cybersecurity experts warned that unsuspecting users could easily fall victim to this phishing scheme. The incident highlights the ongoing risks associated with open-source platforms and the need for heightened vigilance against such deceptive tactics. Users are urged to verify the authenticity of repositories before downloading any software to safeguard their sensitive information.