Hugging Face Platform Hijacked to Send Out Android Malware - Here's What We Know so Far
The campaign used server-side polymorphism to create new Android malware variants every 15 minutes, stealing credentials via fake financial app interfaces, Bitdefender said.
- Bitdefender researchers found an Android malware campaign that abused the Hugging Face platform to host thousands of APK variants targeting Android devices.
- The attack begins when users install the TrustBastion dropper app, which shows a mandatory update prompt and downloads malicious code via trustbastioncom, which redirects to a Hugging Face dataset repository served through the Hugging Face CDN.
- Using Accessibility Services, the payload enables screen overlays, impersonates Alipay and WeChat to steal credentials, and exfiltrates data to a command‑and‑control server, Bitdefender reports.
- After a takedown, the threat actor used server‑side polymorphism to generate rapid payload variants and soon resurfaced as `Premium Club`, with the same malicious code.
- Bitdefender informed Hugging Face and the platform removed malicious datasets while researchers published indicators of compromise and advised Android users to avoid third-party installs and review permissions.
14 Articles
Cybercriminals are abusing AI platforms to spread mobile malware
We’ve said it before, and we’ll say it again. Whenever you download apps for your phone, it’s usually best if you download them from trusted sources. We’re talking about platforms such as Google Play, which comes with various security features designed to protect users as much as realistically possible. Unfortunately, if you have turned to third-party sources, it seems that a recently discovered Android Trojan has been using the Hugging Face pla…
Hugging Face Repositories Hijacked For Android RAT Delivery, Bypassing Traditional Defenses
A sophisticated Android RAT campaign exploits Hugging Face’s popular machine learning platform to host and distribute malicious payloads. Attackers combine social engineering, legitimate infrastructure abuse, and Accessibility Services exploitation to gain deep device control, evading hash-based detection through rapid polymorphism. The campaign targets Android users via a dropper app named TrustBastion, often promoted through […] The post …
Bitdefender has published a study on a particularly sensitive and stealthy Android campaign, still active, in which cybercriminals hijack Hugging Face's infrastructure to spread malware at large scale. Hugging Face is a community and a leading open-source platform in the field of AI, often described as the "GitHub of machine learning". Once installed, the malware allows real-time surveillance and recording of activity on the screen, the…
Coverage Details
Bias Distribution
- 100% of the sources are Center