Security: Typosquat repository distributing Boxter malware

#17
by ULTRAKlLL - opened

The repository Open-OSS/privacy-filter is impersonating this
official OpenAI model. It copies this model card verbatim but
adds a malicious loader.py and start.bat that distribute
Boxter family malware.

Repository: https://huggingface.co/Open-OSS/privacy-filter
Current stats: 244,168 downloads, 208 likes

Attack chain:

  1. start.bat executes loader.py before installing dependencies
  2. loader.py fetches PowerShell command from jsonkeeper.com/b/AVNNE
  3. PowerShell downloads api.eth-fastscan.org/update.bat
  4. update.bat is Boxter malware (VT: 8/60)
    SHA256: d64adb275165847f9f99a7d4d31b1bef8ad5755e5c2736774eaeebcc3361ec4a

VirusTotal: https://www.virustotal.com/gui/file/d64adb275165847f9f99a7d4d31b1bef8ad5755e5c2736774eaeebcc3361ec4a

Already reported to HF security team. Posting here so OpenAI
is aware and other users searching for this model see the warning.

Related campaign: NVISO Labs (Nov 2025) reported the same
jsonkeeper.com abuse for the Contagious Interview campaign:
https://blog.nviso.eu/2025/11/13/contagious-interview-actors-now-utilize-json-storage-services-for-malware-delivery/

Thank you for the report. It seems to be down now.

mihaimaruseac changed discussion status to closed
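
A local check for the indicators in the report at the top of this thread, added here as an example (not posted by anyone in the thread and not Hugging Face or OpenAI tooling): it scans a downloaded repository directory for the reported SHA256, the two hosts named in the attack chain, and a batch file that runs a Python script before any dependency install. The function names, the script-extension list and the regex heuristics are assumptions of this example.

```python
import hashlib, re, sys
from pathlib import Path

# Indicators copied from the report above.
BAD_SHA256 = {"d64adb275165847f9f99a7d4d31b1bef8ad5755e5c2736774eaeebcc3361ec4a"}
BAD_HOSTS = ("jsonkeeper.com", "api.eth-fastscan.org")
SCRIPT_EXT = {".bat", ".cmd", ".ps1", ".py", ".sh"}
# Heuristics chosen for this example: what "runs a Python script" and "installs" look like.
RUNS_PY = re.compile(r"^\s*@?(?:call\s+|start\s+)?(?:python[\w.]*|py)(?:\.exe)?\s+\S+\.py\b", re.I)
INSTALLS = re.compile(r"\b(?:pip[\d.]*|conda|uv)\b.*\binstall\b", re.I)

def sha256_file(path):
    """Hash in 1 MiB chunks so multi-gigabyte weight files are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def runs_python_before_install(bat_text):
    """Return the first line that runs a .py script before any install step, else None."""
    for line in bat_text.splitlines():
        if INSTALLS.search(line):
            return None
        if RUNS_PY.match(line):
            return line.strip()
    return None

def scan_snapshot(root, bad_hashes=BAD_SHA256):
    """Scan a downloaded repo directory; return (relative_path, reason) findings."""
    root, findings = Path(root), []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel, ext = path.relative_to(root).as_posix(), path.suffix.lower()
        if sha256_file(path) in bad_hashes:
            findings.append((rel, "sha256 matches a reported hash"))
        if ext not in SCRIPT_EXT:
            continue  # string checks apply to scripts only, not weights or docs
        text = path.read_text(encoding="utf-8", errors="replace")
        findings += [(rel, f"references {h}") for h in BAD_HOSTS if h in text.lower()]
        hit = runs_python_before_install(text) if ext in {".bat", ".cmd"} else None
        if hit:
            findings.append((rel, f"runs Python before installing dependencies: {hit}"))
    return findings

if __name__ == "__main__":
    for rel, reason in scan_snapshot(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{rel}: {reason}")
```

Run it against the snapshot directory before executing anything from it; an empty result only means these specific indicators were not found.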
