PANews reported on May 13th that, according to Decrypt, a fake repository impersonating an OpenAI privacy filter topped the trending charts on Hugging Face, gaining approximately 244,000 downloads and 667 likes within 18 hours before being taken down. Security firm HiddenLayer discovered that 657 of the likes came from bot accounts. The malicious repository contained a six-stage data theft program: it disabled security checks via a loader.py script, silently executed PowerShell to download the final payload, which was written in Rust, and ran that payload with SYSTEM privileges. The malware stole passwords, encrypted wallet mnemonic phrases, SSH keys, FTP credentials, and Discord tokens from Chrome and Firefox, sent screenshots to the attacker's server, and checked for a virtual machine environment to evade analysis. HiddenLayer also discovered six other malicious repositories using the same infrastructure, impersonating models such as Qwen3, DeepSeek, and Bonsai.
A fake OpenAI codebase was removed from Hugging Face after topping the trending charts; it contained data-stealing programs.
Author: PA一线




