Researchers have spotted two machine learning (ML) models containing malicious code on Hugging Face Hub, the popular online repository for datasets and pre-trained models.
Once one of them is downloaded and executed on the developer’s machine, the malicious payload checks if it is being executed on a Windows, Linux or a system using the Mach kernel (e.g., macOS). Depending on the results of the check, it uses different programming logic to create a reverse shell that connects to a hardcoded IP address.
The discovery
The Hugging Face Hub is an online platform where software developers and researchers can find, share and collaborate on ML models. These models provide functions that can be embedded in software applications.
A malicious model on Hugging Face Hub,…