THREAT actors are using trojanized shared files to distribute malware via AI distribution platforms such as Hugging Face and ClawHub, according to Acronis. The campaign involves social engineering to trick users into downloading files that execute commands, fetch payloads, and install hidden dependencies, with payloads targeting Windows and macOS.
On ClawHub, Acronis identified close to 600 malicious skills across 13 developer accounts designed to distribute trojans, cryptominers, and information stealers, with two accounts—hightower6eu (334) and sakaen736jih (199)—concentrating most of the activity. Across two distribution campaigns abusing Hugging Face, the attackers staged multi-step infection chains leading to infostealers, trojans, malware loaders, and other malware types.
Acronis notes that the OpenClaw ecosystem allows AI to execute external code with high privileges, using indirect prompts to instruct agents to download and run code on users’ machines, including a macOS payload such as AMOS. The true scale is difficult to measure due to the platforms’ size and dynamic content, but the report suggests the activity is likely higher and warrants further investigation, according to Acronis.