A typosquatted Hugging Face repository impersonating an OpenAI tool delivered ValleyRAT (Winos 4.0) to approximately 244,000 Windows systems within 18 hours. The malware harvests browser credentials, cryptocurrency wallet data, Discord tokens, and FTP credentials, and installs persistent scheduled tasks with AMSI/ETW bypass capabilities. Any organization with AI/ML developers who pull models from Hugging Face without integrity controls faces active credential compromise risk from this campaign.
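One integrity control of the kind the paragraph refers to, as an added example that is not from the original report: a pre-download gate that allows only allowlisted repository IDs at a pinned commit SHA and flags near-matches of approved names as likely typosquats. The repository IDs, commit SHAs and function names are constructed placeholders.

```python
import re

# Constructed allowlist: repo IDs and commit SHAs are placeholders, not real repositories.
APPROVED = {
    "example-org/example-model": "0123456789abcdef0123456789abcdef01234567",
    "example-lab/tokenizer-tools": "89abcdef0123456789abcdef0123456789abcdef",
}
SHA_RE = re.compile(r"[0-9a-f]{40}")
# Fold characters that are commonly swapped or dropped in lookalike names.
FOLD = str.maketrans({"0": "o", "1": "l", "-": "", "_": "", ".": ""})

def skeleton(repo_id):
    """Normalise a repo ID so visually similar names compare as equal."""
    return repo_id.lower().translate(FOLD)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_pull(repo_id, revision):
    """Return (verdict, detail) for a requested model download."""
    pinned = APPROVED.get(repo_id)
    if pinned is not None:
        if not SHA_RE.fullmatch(revision or ""):
            return ("block", "revision must be a full commit SHA, not a branch or tag")
        if revision != pinned:
            return ("block", "revision differs from pinned commit " + pinned)
        return ("allow", "approved repo at pinned commit")
    want = skeleton(repo_id)
    for good in APPROVED:
        # Distance 0 means only case, separators or 0/o, 1/l differ.
        if edit_distance(want, skeleton(good)) <= 2:
            return ("block-lookalike", "resembles approved repo " + good)
    return ("block", "repo is not on the allowlist")

if __name__ == "__main__":
    sha = APPROVED["example-org/example-model"]
    for rid, rev in [("example-org/example-model", sha),
                     ("example-org/example-model", "main"),
                     ("examp1e-org/example_model", sha),
                     ("unrelated-team/vision-net", sha)]:
        print(rid, rev[:8], check_pull(rid, rev))
```

On an `allow` verdict the pinned SHA would be passed as the `revision` argument of `huggingface_hub.snapshot_download`, so a later push to the repository cannot change what is fetched.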