Hugging Face, ClawHub Abused for Malware Distribution

SecurityWeek, May 1, 2026

Why It Matters

The abuse of trusted AI distribution ecosystems expands the attack surface for enterprises, making it harder to detect malicious code hidden in legitimate‑looking resources. As AI platforms grow, similar supply‑chain threats could proliferate across the broader software development community.

Key Takeaways

  • Threat actors posted ~600 malicious skills on ClawHub across 13 accounts.
  • Two ClawHub accounts contributed 533 of those malicious extensions.
  • Hugging Face repos hosted multi‑step malware chains for Windows, Linux, Android.
  • Indirect prompt injection enables AI agents to download hidden code.
  • Acronis warns the true scale may exceed current detection.

Pulse Analysis

The rise of AI‑centric code repositories has introduced a new vector for cyber‑crime. Platforms like Hugging Face and ClawHub were built to accelerate model sharing and skill development, but their open‑access nature also makes them attractive to adversaries seeking to piggyback on community trust. By embedding malicious payloads in seemingly innocuous repositories, attackers bypass traditional security controls that focus on executable binaries, instead leveraging the very mechanisms that enable rapid AI innovation.

Acronis' investigation highlights a sophisticated use of indirect prompt injection, where compromised AI agents receive hidden instructions embedded in shared resources. This technique allows the malicious code to execute with elevated privileges on the end‑user’s machine, delivering trojans, cryptominers, and information stealers such as the notorious AMOS stealer. The campaigns span multiple operating systems—Windows, macOS, Linux, and Android—demonstrating a broad, cross‑platform threat landscape that can affect developers, enterprises, and individual users alike.

For organizations, the key takeaway is the need to extend supply‑chain security beyond traditional software components to include AI model and skill ecosystems. Continuous monitoring of repository activity, verification of contributor reputations, and sandboxed testing of downloaded assets can mitigate the risk. As AI platforms continue to scale, proactive threat‑intelligence sharing and automated detection of anomalous file patterns will be essential to prevent malicious code from slipping through the cracks of trusted development environments.
