AI & Technology

Threat Actors Weaponize AI Platforms: Hugging Face, ClawHub Host Malware

By Sentinel News Editorial Team

May 01, 2026 Source: Securityweek 5 views

Threat actors are increasingly exploiting the trust in popular AI distribution platforms like Hugging Face and ClawHub to spread malware, according to a new report from Acronis. These attacks leverage social engineering and indirect prompt injection to trick users into downloading malicious files from seemingly legitimate repositories. The discovery highlights a growing and concerning trend of poisoning trusted digital supply chains within the burgeoning AI ecosystem.

Threat actors are distributing malware, including trojans, cryptominers, and info-stealers, via popular AI distribution platforms Hugging Face and ClawHub.
Attacks rely on social engineering and indirect prompt injection, exploiting user trust in shared resources without directly compromising AI agents.
Malicious campaigns target Windows, macOS, Linux, and Android systems, leveraging hundreds of trojanized 'skills' and repositories on these platforms.

Intelligence briefing: Why this matters: The weaponization of trusted AI development and distribution platforms presents a significant new attack vector, demanding enhanced supply chain security protocols and rigorous vetting for all AI-related assets adopted by IT and military professionals.

Threat actors are using trojanized shared files to distribute malware via AI distribution platforms such as Hugging Face and ClawHub, Acronis reports.

The attacks do not compromise AI agents, but rely on social engineering to trick users into downloading files containing malicious code designed to execute commands, fetch payloads, and install hidden dependencies.

The same as other AI distribution platforms, both Hugging Face and ClawHub allow developers to easily share code, and threat actors are abusing users’ trust in them for nefarious purposes.

“A key aspect of this activity is the abuse of trust between users, AI agents and external resources. Through techniques such as indirect prompt injection, attackers embed hidden instructions that can be executed by AI systems without user awareness,” Acronis explains.

On ClawHub, the company identified close to 600 malicious skills across 13 developer accounts designed to distribute trojans, cryptominers, and information stealers targeting both Windows and macOS systems.

Two of the identified developer accounts contained most of the malicious skills: hightower6eu had 334, and sakaen736jih had 199, Acronis says.

In the OpenClaw ecosystem, skills are community-built extensions that allow users to expand their agents’ capabilities. This modular architecture also means that the AI can execute external code with high privileges.

By injecting indirect prompts into resources that the AI reads, the attackers instruct the agents to download and execute code on users’ machines, leading to malware infections. One of the identified payloads targeting macOS users is the infamous Atomic macOS Stealer (AMOS) Stealer.

“It appears that threat actors distributing payloads through traditional vectors such as malvertisement are increasingly shifting toward poisoning trusted distribution channels. In particular, AI-related platform ecosystems such as ClawHub are being abused to deliver payloads while leveraging user trust in legitimate-looking AI tooling,” Acronis says.

Across two distribution campaigns abusing Hugging Face, the attackers created repositories hosting malicious files and designed to stage multi-step infection chains leading to infostealers, trojans, malware loaders, and other types of malware targeting Windows, Linux, and Android.

According to Acronis, other campaigns may also abuse the platform for similar purposes, as threat actors take advantage of Hugging Face’s increased popularity and rapid expansion.

“Accurately measuring the full extent is difficult because of the platform’s scale and the dynamic nature of hosted content. The true scale of this activity is likely higher but requires further and deeper investigation,” Acronis notes.

Related: Chinese Cybersecurity Firm’s AI Hacking Claims Draw Comparisons to Claude Mythos

Related: Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw

Related: Hugging Face Abused to Deploy Android RAT

Analysis

This development underscores a critical evolution in cyber warfare, where the focus shifts from direct infrastructure compromise to poisoning trusted software supply chains inherent in rapidly expanding AI ecosystems. For defense and cybersecurity professionals, the inherent trust placed in widely adopted platforms like Hugging Face creates a dangerous blind spot, potentially introducing sophisticated backdoors or data exfiltration vectors into AI-enabled operational systems. Proactive threat intelligence and robust sandboxing become paramount to mitigate the risks of compromised AI components affecting national security infrastructure.

hugging faceclawhubmalwareai securitysupply chain attacksocial engineeringinfostealer

Original reporting: https://www.securityweek.com/hugging-face-clawhub-abused-for-malware-distribution/