Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw
Threat actors are actively exploiting AI distribution platforms like Hugging Face and ClawHub to deliver malware by embedding malicious code within models, datasets, and agent extensions. Over 575 malicious skills across 13 developer accounts were identified in the OpenClaw ecosystem, targeting Windows and macOS with trojans, cryptominers, and AMOS stealer. Attackers abuse trust relationships between users and AI platforms through indirect prompt injection, where hidden instructions cause AI agents to execute malicious actions on behalf of users. Trojanized skills masquerade as legitimate tools while instructing users to execute encoded commands or install hidden malicious dependencies. On Hugging Face, repositories host payloads within multistep infection chains disguised as legitimate applications. These campaigns employ social engineering, obfuscation, encryption, in-memory execution, process injection, and persistence techniques to evade detection while establishing covert command-and-control communica...
Indicators of Compromise
- ip: 91.92.242.30
- url: https://install.app-distribution.net/setup/
- hash: a37f6403fbf28fa0b48863287f4c5a5d
- url: http://91.92.242.30/1v07y9e1m6v7thl6
- url: http://91.92.242.30/6wioz8285kcbax6v
- domain: velvet-parrot.com
- hash: a396ec79d8e33ca984c7ffc7ee4d7d2caa8412ee
- hash: f0a54f2b44e557854b0a5001c4e10185884af945814786f78b86539014f78a16
- hash: b488d8d0cb6ee18af9e5800b66ff1ed9
- hash: 93b3d3925ccc201ab0f16017153a79ef05b8f5c2
- hash: d781d5cabaf5f305bbb8afcd9a54d7ba616bfa7aef5c4d16f6bce3d2bf3b4073
- hash: c7b93b6facfc23f49e35e81dc9c30cc69401b8245eeb7c032fc13656cd7e101f
- hash: 122bea967f4c194fd5820123d13b7b71422c31f92b9fc0b0fa05aac3ff03dfaa
- hash: 462af0a3a9094d44c30cc65544ec1171a62365cff09e67f5e87e061a3d604bd0
- hash: 579a82dde4425d95e20a22171be0a37702c833fdca6e5e04f69099a025863136
- hash: 89930bd18e0f9c9c98dfb1662cb87aa98348e87164ab62b1f39e86ebf2ce24cb
- hash: 9db18aa394f554aa455f3039ce734b1653cc999089889c551fe263bd4bdc39fc
- hash: b5da6ffa5f85aa5016fbc02a3122361c85d21192c45df9544099d13e6ff84c36
- hash: d42aecf76fb1531cd5b7139e669910b2fd82a90b7e11448128e226775bf5d42e
- hash: e84b1e2c432b2394c403b524b8361ffa9923a022eb05215f1dc811bc167c3c5e
- hash: fd3d52c2bb3764aabfe4da301967bfbc18e1c062d5dad2e9f4c3b6b6cf0ec9f8
- url: https://glot.io/snippets/hfd3x9ueu5
- url: https://glot.io/snippets/hfdxv8uyaf
- hash: 41f581f7d2c09ab0edfea850b9db506f
- hash: 50eda29bfbeeb8b0429718447725016a
- hash: bd46890121106b43f0c01ab82629400c
- hash: ce62d1b6116f34f9ba815db1e2016d2a
- hash: 1fc5e6458316277fae8272cbe9f3dfc86b681635
- hash: 5d253cc263851ec68c0a988bf86afbb3e9f0b491
- hash: 8bd284bfb607d5e970c88a69ca9422b44b1148a9
- hash: 92149d122dedb4e507e3a9cf6e43c53836e16fbe
- hash: 31d36da3d6cd96f335b14a1dd1f06cc2
- hash: 69315b7a1c4bf5ee56cba1de29d1761e
- hash: abae0f42f695e55714d362a088acc780
- hash: b6a77b7892ef22d6afd91eb980a3f3d8
- hash: c5a53c02d531c5e46f9cc2fc0afbb88d
- hash: 0d2bb0876cc58d8b9c91686c019c131584f1b970
- hash: 197e0f42236143b60742ecbcac751617c22cfb9c
- hash: 9f79b3301a88348bb6f03369c239a660a8c277bc
- hash: a14bed1c46ba7406d5240e979251ccd394dfe3b5
- hash: a7c4407a7039102a8769bd51bfa64efc17943847
- url: https://velvet-parrot.com
- url: https://velvet-parrot.com:443
Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw
Description
Threat actors are actively exploiting AI distribution platforms like Hugging Face and ClawHub to deliver malware by embedding malicious code within models, datasets, and agent extensions. Over 575 malicious skills across 13 developer accounts were identified in the OpenClaw ecosystem, targeting Windows and macOS with trojans, cryptominers, and AMOS stealer. Attackers abuse trust relationships between users and AI platforms through indirect prompt injection, where hidden instructions cause AI agents to execute malicious actions on behalf of users. Trojanized skills masquerade as legitimate tools while instructing users to execute encoded commands or install hidden malicious dependencies. On Hugging Face, repositories host payloads within multistep infection chains disguised as legitimate applications. These campaigns employ social engineering, obfuscation, encryption, in-memory execution, process injection, and persistence techniques to evade detection while establishing covert command-and-control communica...
Technical Details
- Author
- AlienVault
- Tlp
- white
- References
- ["https://www.acronis.com/en/tru/posts/poisoning-the-well-ai-supply-chain-attacks-on-hugging-face-and-openclaw"]
- Adversary
- null
- Pulse Id
- 6a01c2363e7f67fcbed473cb
- Threat Score
- null
Indicators of Compromise
Ip
| Value | Description | Copy |
|---|---|---|
ip91.92.242.30 | — |
Url
| Value | Description | Copy |
|---|---|---|
urlhttps://install.app-distribution.net/setup/ | — | |
urlhttp://91.92.242.30/1v07y9e1m6v7thl6 | — | |
urlhttp://91.92.242.30/6wioz8285kcbax6v | — | |
urlhttps://glot.io/snippets/hfd3x9ueu5 | — | |
urlhttps://glot.io/snippets/hfdxv8uyaf | — | |
urlhttps://velvet-parrot.com | — | |
urlhttps://velvet-parrot.com:443 | — |
Hash
| Value | Description | Copy |
|---|---|---|
hasha37f6403fbf28fa0b48863287f4c5a5d | — | |
hasha396ec79d8e33ca984c7ffc7ee4d7d2caa8412ee | — | |
hashf0a54f2b44e557854b0a5001c4e10185884af945814786f78b86539014f78a16 | — | |
hashb488d8d0cb6ee18af9e5800b66ff1ed9 | — | |
hash93b3d3925ccc201ab0f16017153a79ef05b8f5c2 | — | |
hashd781d5cabaf5f305bbb8afcd9a54d7ba616bfa7aef5c4d16f6bce3d2bf3b4073 | — | |
hashc7b93b6facfc23f49e35e81dc9c30cc69401b8245eeb7c032fc13656cd7e101f | — | |
hash122bea967f4c194fd5820123d13b7b71422c31f92b9fc0b0fa05aac3ff03dfaa | — | |
hash462af0a3a9094d44c30cc65544ec1171a62365cff09e67f5e87e061a3d604bd0 | — | |
hash579a82dde4425d95e20a22171be0a37702c833fdca6e5e04f69099a025863136 | — | |
hash89930bd18e0f9c9c98dfb1662cb87aa98348e87164ab62b1f39e86ebf2ce24cb | — | |
hash9db18aa394f554aa455f3039ce734b1653cc999089889c551fe263bd4bdc39fc | — | |
hashb5da6ffa5f85aa5016fbc02a3122361c85d21192c45df9544099d13e6ff84c36 | — | |
hashd42aecf76fb1531cd5b7139e669910b2fd82a90b7e11448128e226775bf5d42e | — | |
hashe84b1e2c432b2394c403b524b8361ffa9923a022eb05215f1dc811bc167c3c5e | — | |
hashfd3d52c2bb3764aabfe4da301967bfbc18e1c062d5dad2e9f4c3b6b6cf0ec9f8 | — | |
hash41f581f7d2c09ab0edfea850b9db506f | — | |
hash50eda29bfbeeb8b0429718447725016a | — | |
hashbd46890121106b43f0c01ab82629400c | — | |
hashce62d1b6116f34f9ba815db1e2016d2a | — | |
hash1fc5e6458316277fae8272cbe9f3dfc86b681635 | — | |
hash5d253cc263851ec68c0a988bf86afbb3e9f0b491 | — | |
hash8bd284bfb607d5e970c88a69ca9422b44b1148a9 | — | |
hash92149d122dedb4e507e3a9cf6e43c53836e16fbe | — | |
hash31d36da3d6cd96f335b14a1dd1f06cc2 | — | |
hash69315b7a1c4bf5ee56cba1de29d1761e | — | |
hashabae0f42f695e55714d362a088acc780 | — | |
hashb6a77b7892ef22d6afd91eb980a3f3d8 | — | |
hashc5a53c02d531c5e46f9cc2fc0afbb88d | — | |
hash0d2bb0876cc58d8b9c91686c019c131584f1b970 | — | |
hash197e0f42236143b60742ecbcac751617c22cfb9c | — | |
hash9f79b3301a88348bb6f03369c239a660a8c277bc | — | |
hasha14bed1c46ba7406d5240e979251ccd394dfe3b5 | — | |
hasha7c4407a7039102a8769bd51bfa64efc17943847 | — |
Domain
| Value | Description | Copy |
|---|---|---|
domainvelvet-parrot.com | — |
Threat ID: 6a0228aecbff5d86104b1f22
Added to database: 5/11/2026, 7:06:22 PM
Last updated: 5/11/2026, 7:06:40 PM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.