2025-02-23 14:24:19 Pacfic
Malicious ML Models on Hugging Face Exploit Pickle Format - 14d
Cybersecurity researchers have identified malicious machine learning (ML) models on Hugging Face, a popular platform for sharing and collaborating on ML projects. The models leverage a novel attack technique called "nullifAI," which uses "broken" pickle files to evade detection. This method abuses the Pickle file serialization process, allowing Python code execution during ML model deserialization. The malicious models, which resemble proof-of-concept models, were initially not flagged as unsafe by Hugging Face's Picklescan security tool.
Researchers from ReversingLabs discovered two such models on Hugging Face containing malicious code. The nullifAI attack exploits differences in compression format with PyTorch and a security issue preventing proper scanning of Pickle files. The malicious payload in both cases was a platform-aware reverse shell that connects to a hard-coded IP address. The Hugging Face security team has since removed the malicious models and improved Picklescan's detection capabilities.
ImgSrc: www.reversinglabs.com
References:
- Blog (Main) - Researchers from ReversingLabs recently discovered two Hugging Face models containing malicious code. The nullifAI attack involves abusing Pickle file serialization. - 14d
- gbhackers.com - Developers Beware! Malicious ML Models Found on Hugging Face Platform - 14d
- The Hacker News - Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection - 14d
- News | CSO Online - Attackers hide malicious code in Hugging Face AI model Pickle files - 14d
- ciso2ciso.com - Malicious ML Models on Hugging Face Exploit Novel Attack Technique – Source: www.infosecurity-magazine.com - 13d
- cyberscoop.com - Hugging Face platform continues to be plagued by vulnerable ‘pickles’ - 13d
- @youranonriots - Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection. - 13d
- CISO2CISO.COM & CYBER SECURITY GROUP - Security Week - Malicious AI Models on Hugging Face Exploit Novel Attack Technique - 13d
- Threats | CyberScoop - Cyberscoop - Hugging Face platform continues to be plagued by vulnerable ‘pickles’ - 13d
- GBHackers Security | #1 Globally Trusted Cyber Security News Platform - Developers Beware! Malicious ML Models Found on Hugging Face Platform - 13d
- @youranonriots - Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection. - 13d
- Help Net Security - Researchers have spotted two machine learning (ML) models containing malicious code on Hugging Face Hub, the popular online repository for datasets and pre-trained models. - 12d
- www.helpnetsecurity.com - Researchers have spotted two machine learning (ML) models containing malicious code on Hugging Face Hub, the popular online repository for datasets and pre-trained models. - 12d
- SCM feed for Threat Management - Security news about hugging face with malicious ai models - 12d
- @screaminggoat - The abuse of Pickle, a popular Python module that many teams use for serializing and deserializing ML model data - 12d
- @VirusBulletin - Virus Bulletin reports on researchers from ReversingLabs discovering two Hugging Face models containing malicious code. - 12d
Classification:
- HashTags: HuggingFace MaliciousML NullifAI
- Company: Hugging Face
- Target: Hugging Face Users
- Product: Hugging Face
- Feature: Pickle Serialization
- Type: AI
- Severity: Major