What appears to be a safe source for AI tools has become an unexpected launchpad for cybercrime. A fresh Android malware campaign has abused Hugging Face to host and distribute thousands of malicious app files designed to steal financial and payment credentials.
The operation was uncovered by researchers at Bitdefender. Attackers used Hugging Face as a storage point for Android APK files, taking advantage of the platform’s reputation as a trusted service that rarely triggers security alerts.
The infection starts when users are tricked into installing a dropper app named TrustBastion. Victims are shown scare-style ads warning that their phones are infected. The app pretends to be a security tool that can detect scams, phishing, and malware.
After installation, TrustBastion displays a forced update prompt that looks like Google Play. Instead of downloading updates from an app store, it contacts a server linked to trustbastion[.]com. This server redirects the request to a Hugging Face dataset repository that hosts the real malware. The final payload is then downloaded through Hugging Face’s content delivery network.
To avoid detection, attackers use server-side polymorphism that creates a new malware version every 15 minutes. Researchers noted, “At the time of investigation, the repository was approximately 29 days old and had accumulated more than 6,000 commits.”
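Because a payload that is rebuilt every 15 minutes defeats hash-based blocking, a defender gets more mileage from the delivery chain the article describes: a redirect from a non-Hugging Face host that lands on an APK inside a Hugging Face dataset repository. The following is an added example, not Bitdefender's or Hugging Face's code; the proxy log format, hostnames and repository name are constructed, and the `datasets/<owner>/<repo>/resolve/<revision>/<file>` path shape is an assumption about how dataset files are served.

```python
"""Flag redirect hops from outside Hugging Face that land on an .apk
in a Hugging Face dataset repository (example code; log lines constructed)."""
import re
from urllib.parse import unquote, urlparse

# Assumption: hosts treated as Hugging Face (and their subdomains).
HF_HOSTS = ("huggingface.co", "hf.co")
# Assumed dataset file path: /datasets/<owner>/<repo>/resolve/<revision>/<file>
DATASET_FILE_RE = re.compile(r"^/datasets/([^/]+/[^/]+)/resolve/[^/]+/(.+)$")

# Constructed proxy log: client method url status location("-" if none)
SAMPLE_LOG = """\
10.0.0.5 GET http://update.example-dropper.test/check 302 https://huggingface.co/datasets/acct-placeholder/repo-placeholder/resolve/main/update.apk
10.0.0.5 GET https://huggingface.co/datasets/acct-placeholder/repo-placeholder/resolve/main/update.apk 302 https://cdn.example-hf-cdn.test/blob/abc123
10.0.0.5 GET https://cdn.example-hf-cdn.test/blob/abc123 200 -
10.0.0.9 GET http://mirror.example.test/data 302 https://huggingface.co/datasets/someorg/somedata/resolve/main/train.parquet
10.0.0.9 GET https://huggingface.co/datasets/someorg/somedata/resolve/main/train.parquet 200 -
"""


def is_hf_host(host):
    host = (host or "").lower()
    return any(host == h or host.endswith("." + h) for h in HF_HOSTS)


def parse_line(line):
    """Split one constructed log line into fields; None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    client, _method, url, status, location = parts
    return {"client": client, "url": url, "status": int(status), "location": location}


def find_dataset_apk_redirects(log_text):
    """Return hops where a non-HF host redirects to an .apk in an HF dataset repo."""
    hits = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if not rec or not 300 <= rec["status"] < 400 or rec["location"] == "-":
            continue
        src, dst = urlparse(rec["url"]), urlparse(rec["location"])
        if is_hf_host(src.hostname) or not is_hf_host(dst.hostname):
            continue  # only the dropper -> Hugging Face hop is interesting
        m = DATASET_FILE_RE.match(dst.path)
        if not m or not unquote(m.group(2)).lower().endswith(".apk"):
            continue
        hits.append({"client": rec["client"], "redirector": src.hostname,
                     "dataset_repo": m.group(1), "file": unquote(m.group(2))})
    return hits


if __name__ == "__main__":
    for hit in find_dataset_apk_redirects(SAMPLE_LOG):
        print(hit)
```

The legitimate parquet download in the sample is deliberately left unflagged, so the rule keys on APK delivery through a dataset repo rather than on Hugging Face traffic as such.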
When the original repository was removed, the campaign quickly returned under a new name, Premium Club, with new icons but the same code.
The main payload is a remote access tool that abuses Android’s Accessibility Services. It asks for access by claiming it is needed for security. Once approved, it can record screens, show overlays, block uninstallation, and perform automated actions.
The malware monitors Android’s activity, captures screenshots, and sends data to its command server. It also shows fake login pages for services like Alipay and WeChat to steal credentials and tries to collect lock screen codes. It stays permanently connected to its control server for commands and fake content.
Bitdefender alerted Hugging Face, which removed the malicious datasets. Researchers also shared technical indicators to help detect the threat.
Users are advised to avoid third-party app stores, review app permissions carefully, and only install apps needed for real functions.