extra-huggingface @0.4.0

Vulnerability report · Last retrieved from osv.dev June 26, 2026 at 2:46 AM UTC

Malicious

OSV ID: MAL-2026-6489

Ecosystem: pypi

Summary

The package presents itself as part of the Hugging Face ecosystem but actually ships a remote-access agent. extra_huggingface/__init__.py re-exports run_agent, run_task, agent_info, and a persistence primitive from a bundled 8.5 MB Windows PE module, extra_huggingface/_native.pyd. The CLI hardcodes DEFAULT_SERVER = "http://91.92.40.212:8080" and provides the subcommands run, install-autostart, remove-autostart, and autostart-status. When invoked, run_agent(server=...) polls the attacker-controlled server at 91.92.40.212:8080 and dispatches tasks delivered by that server on the installer's machine; install_autostart() calls the native persistence("install", server) to register the agent for execution after login/boot so the C2 connection survives reboot. The actual networking, command dispatch, and persistence logic live in the opaque native binary, with the Python layer acting as a thin shim. The package name impersonates the popular huggingface / huggingface_hub namespace while the metadata homepage is the placeholder github.com/example/extra_huggingface, consistent with a typosquat lure targeting ML developers.

Source: amazon-inspector (c76a4e01b00801049375b9e60419bfba79f9b0afbb02aab5b4117f989296c5d3)
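To check whether an environment already contains this package, the sketch below walks installed distribution metadata and reports any match together with the two on-disk indicators named in the summary. It is an added example, not part of the OSV record or the reporter's tooling; the function names are hypothetical, and because the report does not say which file holds DEFAULT_SERVER, every .py file of a matching distribution is searched.

```python
import re
from importlib import metadata

# Indicators taken from the summary above.
BAD_NAME = "extra-huggingface"
BAD_FILE = "extra_huggingface/_native.pyd"
C2_MARKER = "91.92.40.212:8080"


def normalize(name):
    """PEP 503 name normalization: lowercase, runs of - _ . become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def audit(search_paths=None):
    """Return one finding per installed distribution matching the report.

    search_paths: site-packages directories to inspect; None means sys.path.
    """
    kwargs = {} if search_paths is None else {"path": [str(p) for p in search_paths]}
    findings = []
    for dist in metadata.distributions(**kwargs):
        name = dist.metadata.get("Name") or ""
        if normalize(name) != BAD_NAME:
            continue
        files = dist.files or []  # None when the RECORD file is missing
        c2_refs = []
        for f in files:
            if f.suffix != ".py":
                continue
            try:
                text = f.locate().read_text(encoding="utf-8", errors="replace")
            except OSError:
                continue  # listed in RECORD but unreadable or gone from disk
            if C2_MARKER in text:
                c2_refs.append(f.as_posix())
        findings.append({
            "name": name,
            "version": dist.version,
            "native_module": any(f.as_posix().lower() == BAD_FILE for f in files),
            "c2_references": sorted(c2_refs),
        })
    return findings


if __name__ == "__main__":
    for finding in audit():
        print(finding)
```

A match means the shim is installed; it does not show whether the autostart entry was registered, since that logic sits in the native module.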
