Threat actors are actively abusing AI platforms Hugging Face and ClawHub for large-scale malware delivery, exploiting trust in AI ecosystems to distribute trojans, cryptominers, and infostealers like AMOS. Over 575 malicious OpenClaw skills were identified across 13 developer accounts.

In brief - Cybercriminals are weaponizing AI distribution platforms to deliver malware at scale, leveraging indirect prompt injection and social engineering to compromise Windows and macOS systems. The abuse of Hugging Face and ClawHub highlights critical risks in AI supply chains.

Technically - Attackers use indirect prompt injection on ClawHub to turn AI agents into intermediaries, executing base64-encoded commands or installing password-protected archives. Payloads include AMOS stealer (macOS) and cryptominers (Windows), with persistence via scheduled tasks and Defender exclusions. On Hugging Face, campaigns like ITHKRPAW and FAKESECURITY employ obfuscated PowerShell, Cloudflare Workers, and dead-drop resolvers (e.g., Telegram bots) for C2. Techniques include XOR/AES encryption, process injection, and high-entropy overlays to evade detection.

Source: https://www.acronis.com/en/tru/posts/poisoning-the-well-ai-supply-chain-attacks-on-hugging-face-and-openclaw/

#Cybersecurity #ThreatIntel