Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Generic User Avatar

I visited Hugging Face/Hugging Chat recently. Should I be concerned?


  • Please log in to reply
5 replies to this topic

#1 SuperSapien64

SuperSapien64

  •  Avatar image
  • Members
  • 2,372 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:10 PM

Posted 29 February 2024 - 01:15 PM

Within the last week or two I visited Hugging Face/Hugging Chat on my Android phone running Android version 14 security patch January 1st 2024 and I read here that there was an exploit on the site recently:

 

https://www.bleepingcomputer.com/news/security/malicious-ai-models-on-hugging-face-backdoor-users-machines/

 

 

Should I be concerned?

I just did a scan with Malwarebytes and Bitdefender and they found nothing.

But the domain has malware scanners and they found nothing so I don't know what to think?



BC AdBot (Login to Remove)

 


#2 Dill2046

Dill2046

  •  Avatar image
  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:10 PM

Posted 29 February 2024 - 08:52 PM

Just adding to your comment.  Here's the blog post of the researchers who raised the issues: https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor/

 

The problems appear to be malicious MLs in the hundreds, with different kinds of payloads, some of which the researchers were unsure if they did anything really malicious or not, because it could have been AI vulnerability researchers with sloppy practices.

 

The questions here are 1) did the OP ever download and run a truly malicious ML on his system, 2) if such information is absent (not sure, especially because the malicious MLs are not enumerated), were any confidential information extracted and would having run a malicious ML leave an undetectable silent backdoor as the article strongly suggests it may have.

 

If you believe in the article, then it seems one of the surest methods is to reinstall the OS, and resetting passwords on most important accounts.


Edited by Dill2046, 29 February 2024 - 08:53 PM.


#3 midimusicman79

midimusicman79

    Sec & Web Browser Enthusiast


  •  Avatar image
  • BC Advisor
  • 4,639 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norway
  • Local time:06:10 AM

Posted 01 March 2024 - 01:40 PM

Within the Malicious AI models on Hugging Face backdoor users’ machines BC News article, another member, sev7en2507, just posted a link to a similar Reddit article.

 

Malicious AI models on Hugging Face backdoor users’ machines.

 

Good luck! :)


MS Win 10 Pro 64-bit V. 22H2 (19045) Desktop PC, EAMH Paid/EEK, MB 4 Prem., WPP, NVT OSA Free, and Unchecky, MDFW, FF with uBO, Grammarly Free, MBBG, and Acronis CPHOE (DI), SUMo Free. I have 28.5 Years of PC Experience.


#4 SuperSapien64

SuperSapien64
  • Topic Starter

  •  Avatar image
  • Members
  • 2,372 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:10 PM

Posted 01 March 2024 - 04:22 PM

Just adding to your comment.  Here's the blog post of the researchers who raised the issues: https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor/

 

The problems appear to be malicious MLs in the hundreds, with different kinds of payloads, some of which the researchers were unsure if they did anything really malicious or not, because it could have been AI vulnerability researchers with sloppy practices.

 

The questions here are 1) did the OP ever download and run a truly malicious ML on his system, 2) if such information is absent (not sure, especially because the malicious MLs are not enumerated), were any confidential information extracted and would having run a malicious ML leave an undetectable silent backdoor as the article strongly suggests it may have.

 

If you believe in the article, then it seems one of the surest methods is to reinstall the OS, and resetting passwords on most important accounts.

Well I didn't install any MLs I just used their web AI too in Firefox with Ublock Origin installed. And when I scanned that URL on VT it only shows one vendor saying Suspicious:

 

https://www.virustotal.com/gui/url/f7a17e2ff6e18b79c9a948da1790fb31821d482523700670f7f0fd191aed2ad4
 



#5 Dill2046

Dill2046

  •  Avatar image
  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:10 PM

Posted 01 March 2024 - 06:14 PM

Then,

 


Well I didn't install any MLs I just used their web AI too in Firefox with Ublock Origin installed. And when I scanned that URL on VT it only shows one vendor saying Suspicious:

 

Then, I really doubt that you caught anything from typing / getting answers in the browser, especially since you have already scanned with both Bitdefender and MWB.



#6 SuperSapien64

SuperSapien64
  • Topic Starter

  •  Avatar image
  • Members
  • 2,372 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:10 PM

Posted 03 March 2024 - 02:05 PM

Then,

 


Well I didn't install any MLs I just used their web AI too in Firefox with Ublock Origin installed. And when I scanned that URL on VT it only shows one vendor saying Suspicious:

 

Then, I really doubt that you caught anything from typing / getting answers in the browser, especially since you have already scanned with both Bitdefender and MWB.

I hope your right.






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users