Hugging Face Abused to Spread Android Malware

January 30, 2026 Faeem BLOGS 0

Researchers at Bitdefender have uncovered a large-scale Android malware campaign abusing the Hugging Face platform to host and distribute thousands of malicious APK variants.

Campaign Overview

  • Platform abused: Hugging Face datasets & CDN infrastructure.
  • Dropper app: TrustBastion, disguised as a security tool.
  • Initial lure: Scareware-style ads claiming the device is infected.
  • Fake update: Mimics Google Play update screens to trick users.
  • Payload delivery:
    • Dropper contacts trustbastion[.]com.
    • Redirects to Hugging Face repository hosting malicious APKs.
    • Payload downloaded via Hugging Face CDN.

Technical Details

  • Polymorphism: New payload variants generated every 15 minutes.
  • Repository activity: 29 days old, 6,000+ commits before takedown.
  • Resurgence: Reappeared under new name “Premium Club”, same malicious code but new branding.
  • Main payload: Remote Access Tool (RAT) exploiting Android Accessibility Services.

Malware Capabilities

  • Overlay attacks (fake login screens for Alipay, WeChat, etc.).
  • Screen capture and screenshot exfiltration.
  • Input simulation (swipes, taps).
  • Blocking uninstallation attempts.
  • Stealing lock screen PINs.
  • Persistent C2 connection for:
    • Data exfiltration.
    • Command execution.
    • Configuration updates.
    • Fake in-app content to appear legitimate.

Security Impact

  • Credential theft: Financial services and payment platforms targeted.
  • Continuous monitoring: User activity tracked in real time.
  • Infrastructure abuse: Hugging Face’s trusted reputation leveraged to bypass detection.
  • Indicators of compromise (IoCs): Published by Bitdefender for dropper, network, and malicious packages.

Defensive Recommendations

  • Avoid third-party app stores: Only install apps from Google Play or trusted sources.
  • Review permissions: Be wary of apps requesting Accessibility Services or excessive privileges.
  • Monitor Hugging Face repositories: Security teams should flag suspicious dataset activity.
  • Threat hunting: Look for connections to trustbastion[.]com and polymorphic APK variants.
  • User awareness: Train users to recognize fake update prompts and scareware tactics.

Takeaway

This campaign demonstrates how attackers exploit trusted AI platforms like Hugging Face to distribute malware at scale. By combining social engineering (fake security tools) with technical abuse (Accessibility Services, polymorphism), adversaries created a resilient ecosystem for credential theft and surveillance.

Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.