Artificial Intelligence Hugging Face, ClawHub Abused for Malware Distribution Threat actors are relying on social engineering to lure users into downloading files containing malicious instructions. By Ionut Arghire | May 1, 2026 (4:41 AM ET) Flipboard Reddit Whatsapp Whatsapp Email Threat actors are using trojanized shared files to distribute malware via AI distribution platforms such as Hugging Face and ClawHub, Acronis reports. The attacks do not compromise AI agents, but rely on social engineering to trick users into downloading files containing malicious code designed to execute commands, fetch payloads, and install hidden dependencies. The same as other AI distribution platforms, both Hugging Face and ClawHub allow developers to easily share code, and threat actors are abusing users’ trust in them for nefarious purposes. “A key aspect of this activity is the abuse of trust between users, AI agents and external resources. Through techniques such as indirect prompt injection, attackers embed hidden instructions that can be executed by AI systems without user awareness,” Acronis explains . On ClawHub, the company identified close to 600 malicious skills across 13 developer accounts designed to distribute trojans, cryptominers, and information stealers targeting both Windows and macOS systems. Two of the identified developer accounts contained most of the malicious skills: hightower6eu had 334, and sakaen736jih had 199, Acronis says. Advertisement. Scroll to continue reading. In the OpenClaw ecosystem, skills are community-built extensions that allow users to expand their agents’ capabilities. This modular architecture also means that the AI can execute external code with high privileges. By injecting indirect prompts into resources that the AI reads, the attackers instruct the agents to download and execute code on users’ machines, leading to malware infections. One of the identified payloads targeting macOS users is the infamous Atomic macOS Stealer (AMOS) Stealer. “It appears that threat actors distributing payloads through traditional vectors such as malvertisement are increasingly shifting toward poisoning trusted distribution channels. In particular, AI-related platform ecosystems such as ClawHub are being abused to deliver payloads while leveraging user trust in legitimate-looking AI tooling,” Acronis says. Across two distribution campaigns abusing Hugging Face, the attackers created repositories hosting malicious files and designed to stage multi-step infection chains leading to infostealers, trojans, malware loaders, and other types of malware targeting Windows, Linux, and Android. According to Acronis, other campaigns may also abuse the platform for similar purposes, as threat actors take advantage of Hugging Face’s increased popularity and rapid expansion. “Accurately measuring the full extent is difficult because of the platform’s scale and the dynamic nature of hosted content. The true scale of this activity is likely higher but requires further and deeper investigation,” Acronis notes. Related: Chinese Cybersecurity Firm’s AI Hacking Claims Draw Comparisons to Claude Mythos Related: Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw Related: Hugging Face Abused to Deploy Android RAT Related: Dozens of Open VSX Extension Clones Linked to GlassWorm Malware Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months ‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure Checkmarx Confirms Data Stolen in Supply Chain Attack Iranian Cyber Group Handala Targets US Troops in Bahrain Chrome 147, Firefox 150 Security Updates Rolling Out Alleged Chinese State Hacker Extradited to US Dozens of Open VSX Extension Clones Linked to GlassWorm Malware Latest News FBI Warns of Surge in Hacker-Enabled Cargo Theft 1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom Anthropic Unveils Claude Security to Counter AI-Powered Exploit Surge AI Fuels ‘Industrial’ Cybercrime as Time-to-Exploit Shrinks to Hours SonicWall Urges Immediate Patching of Firewall Vulnerabilities SAP NPM Packages Targeted in Supply Chain Attack Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks EnOcean SmartServer Flaws Expose Buildings to Remote Hacking Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: A Step-by-Step Approach to AI Governance April 28, 2026 With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment. Register Virtual Event: Threat Detection and Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the Move AutoNation has appointed Brian Fricke as Chief Information Security Officer. Varun Kohli has joined GetReal Security as Chief Marketing Officer. MongoDB has appointed Doug Bowers as Chief Information Security Officer. More People On The Move Expert Insights The Mythos Moment: Enterprises Must Fight Agents with Agents Only with the right platform and an agentic, AI-driven defense, will enterprises be able to protect themselves in the agentic era. (Etay Maor) Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents From autonomous code generation to decision-making systems that initiate actions without human intervention, the industry is entering a new phase. (Torsten George) Government Can’t Win the Cyber War Without the Private Sector Securing national resilience now depends on faster, deeper partnerships with the private sector. (Steve Durbin) The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) The New Rules of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) Flipboard Reddit Whatsapp Whatsapp Email