Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw
Essential information
- Published
- 11/05/2026 13:49
- Modified
- 11/05/2026 19:27
- Source / Author
- AlienVault
- Confidence
- 100/100
- Report type(s)
- threat-report
- Labels / Tags
- ai supply chain amos stealer clawhub cryptominer hugging face indirect prompt injection openclaw trojanized skills
- Tags
- 2026-05-11 ai supply chain amos stealer clawhub cryptominer hugging face indirect prompt injection openclaw trojanized skills
- Related entities
- 21 indicators, 21 observables, 20 techniques (mitre), 1 malware, 2 others
Description
Threat actors are actively exploiting AI distribution platforms like Hugging Face and ClawHub to deliver malware by embedding malicious code within models, datasets, and agent extensions. Over 575 malicious skills across 13 developer accounts were identified in the OpenClaw ecosystem, targeting Windows and macOS with trojans, cryptominers, and AMOS stealer. Attackers abuse trust relationships between users and AI platforms through indirect prompt injection, where hidden instructions cause AI agents to execute malicious actions on behalf of users. Trojanized skills masquerade as legitimate tools while instructing users to execute encoded commands or install hidden malicious dependencies. On Hugging Face, repositories host payloads within multistep infection chains disguised as legitimate applications. These campaigns employ social engineering, obfuscation, encryption, in-memory execution, process injection, and persistence techniques to evade detection while establishing covert command-and-control communica...