Malicious ML models discovered on Hugging Face platform
Feb. 7, 2025, 8:21 a.m.
Description
RL researchers have identified a novel attack technique, dubbed nullifAI, on the Hugging Face platform; it abuses Pickle file serialization to distribute malware. Two malicious models were found containing reverse shell code that bypassed Hugging Face's security scanning mechanisms. The attack exploits a weakness in the Picklescan tool, which fails to detect dangerous functions in broken Pickle files. This poses a significant risk to developers using the platform. The researchers created proof-of-concept samples to demonstrate the flaw and reported their findings to Hugging Face, which promptly removed the malicious models and updated its security tools.
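To illustrate the detection gap described above (a scanner that gives up on a malformed stream never reports the dangerous import it already passed), here is an added example of a tolerant opcode-level scanner. It is not code from RL, Picklescan or Hugging Face; the denylist and the sample byte streams are constructed for illustration, and the truncated samples cannot be unpickled.

```python
import pickle
import pickletools

# Constructed, minimal denylist of (module, name) pairs a model file should never import.
SUSPICIOUS_GLOBALS = {
    ("os", "system"), ("posix", "system"), ("subprocess", "Popen"),
    ("subprocess", "run"), ("builtins", "eval"), ("builtins", "exec"),
}

def scan_pickle(data: bytes) -> dict:
    """Walk the opcode stream and report dangerous imports.

    Every GLOBAL / STACK_GLOBAL reference seen before a parse error is kept,
    and the stream is marked broken, so a truncated file is still flagged
    instead of being passed as unscannable.
    """
    flagged, strings = [], []      # strings: unicode args seen so far, for STACK_GLOBAL
    broken = None
    try:
        for opcode, arg, _pos in pickletools.genops(data):
            name = opcode.name
            if name == "GLOBAL":                        # arg is "module name"
                mod, attr = arg.split(" ", 1)
                if (mod, attr) in SUSPICIOUS_GLOBALS:
                    flagged.append((mod, attr))
            elif name in ("UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"):
                strings.append(arg)
            elif name == "STACK_GLOBAL" and len(strings) >= 2:
                mod, attr = strings[-2], strings[-1]    # heuristic: last two strings pushed
                if (mod, attr) in SUSPICIOUS_GLOBALS:
                    flagged.append((mod, attr))
    except ValueError as exc:      # genops raises ValueError on truncated data or unknown opcodes
        broken = str(exc)
    return {"flagged": flagged, "broken": broken,
            "verdict": "dangerous" if flagged else "clean"}

# Constructed sample: protocol 2 stream importing os.system, cut off before any args or STOP.
TRUNCATED_SAMPLE = b"\x80\x02cos\nsystem\nq\x00"
# Constructed sample: protocol 4 STACK_GLOBAL form of the same import, also truncated.
STACK_GLOBAL_SAMPLE = b"\x80\x04\x8c\x02os\x8c\x06system\x93"
# Constructed sample: a well-formed, benign pickle of a small dict.
BENIGN_SAMPLE = pickle.dumps({"weights": [0.1, 0.2]})

if __name__ == "__main__":
    for label, blob in [("truncated", TRUNCATED_SAMPLE),
                        ("stack_global", STACK_GLOBAL_SAMPLE), ("benign", BENIGN_SAMPLE)]:
        print(label, scan_pickle(blob))
```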
Tags
Date
- Created: Feb. 7, 2025, 12:08 a.m.
- Published: Feb. 7, 2025, 12:08 a.m.
- Modified: Feb. 7, 2025, 8:21 a.m.
Additional Information
- Technology