RSS
Last updated: May 13, 2026 at 5:42 AM UTC
All 208 Vulnerability 72 Breach 41 Threat 88 Defense 7
Tag: ai-brand-impersonation (2 articles)Clear
threat
2026-05-09

A fake OpenAI repository on Hugging Face reached the trending #1 spot before getting caught - 244,000 downloads delivered an infostealer that grabs browser passwords, crypto wallets, and Discord tokens

HiddenLayer disclosed a malicious Hugging Face repository called Open-OSS/privacy-filter that typosquatted OpenAI's legitimate Privacy Filter project. The repo copied the original model card almost verbatim and shipped a loader.py file that, on Windows, fetched and executed an infostealer. The repo briefly hit Hugging Face's trending list at #1 and accumulated 244,000 downloads before the platform pulled it on May 7. The loader runs in an invisible PowerShell window, escalates privileges, adds itself to Microsoft Defender exclusions, and deploys Sefirah - a Rust-based infostealer that targets browser credentials, Discord tokens, cryptocurrency wallets, and SSH keys.

hugging-facefake-openaiprivacy-filtersefirahrust-infostealerhiddenlayertyposquat244k-downloadsai-brand-impersonationcrypto-walletsdiscord-tokensnpm-typosquat-link
Check
Search proxy and DNS logs for connections to Hugging Face repository 'Open-OSS/privacy-filter' or downloads of 'loader.py' tied to it since April. Hunt Windows endpoints for sefirah.exe and unfamiliar Microsoft Defender exclusions.
Affected
Windows machines whose users downloaded from Open-OSS/privacy-filter between late April and May 7. AI/ML developers are the highest-risk role. Acute risk: developers whose machines hold cryptocurrency wallets, Discord tokens, and SSH keys to production. Cryptocurrency holders specifically targeted by Sefirah's wallet-extraction modules.
Fix
Block Open-OSS/privacy-filter at the network egress layer. For machines that may have run the loader: rotate every browser-stored credential, Discord token, SSH key, and cryptocurrency wallet seed. Enforce signature verification for Hugging Face models pulled into production. Treat all Hugging Face repositories as untrusted by default. Apply HiddenLayer's published Sefirah IoCs.
threat
2026-05-07

Fake Claude AI website is delivering a brand-new Windows malware called 'Beagle' to people searching for the chatbot

BleepingComputer reports a fake Claude AI website is delivering a previously undocumented Windows malware called Beagle. The site impersonates Anthropic's Claude with a near-perfect clone of the official UI; visitors who click 'Download for Windows' get a Beagle installer rather than the legitimate Claude desktop app (Anthropic distributes Claude through claude.ai and the Mac App Store, not standalone Windows installers). Beagle harvests credentials from browsers, cryptocurrency wallets, Discord tokens, and SSH keys. Distribution is via Google Ads on Claude-related search terms - the same paid-placement abuse pattern hitting GoDaddy ManageWP, AWS, and Notion.

beaglefake-claudeanthropic-impersonationgoogle-adscredential-stealercrypto-walletswindowsai-brand-impersonationtyposquat
Check
Search proxy logs for visits to Claude-themed domains other than claude.ai or anthropic.com over the past 30 days. Hunt Windows endpoints for processes with Anthropic-branded names not signed by Anthropic.
Affected
Windows users searching for Claude or Anthropic products via Google search, particularly developers and AI-curious users. Acute risk: organizations whose staff use Claude through individual rather than enterprise accounts (no centralized management), and developers who pull AI tooling installers from search results. Cryptocurrency holders are at the highest risk.
Fix
Block Google Ads on AI-product searches via corporate browser policy or uBlock Origin. Brief staff that Anthropic distributes Claude through claude.ai and the Mac App Store - there is no standalone Windows installer. Treat any endpoint that downloaded a 'Claude installer' since April as compromised: rotate browser-stored credentials, crypto wallet keys, Discord tokens, and SSH keys.