Security researchers have uncovered a large-scale Android malware operation that quietly used an AI development platform to distribute harmful software. The campaign was designed to blend in with legitimate activity, making detection more difficult while targeting unsuspecting users.
According to cybersecurity firm Bitdefender, the campaign hosted more than 6,000 commits and APK payload variants on Hugging Face over a span of around 29 days. The attackers reportedly attempted to mimic normal AI-related traffic so the activity could bypass security checks and steal user information without raising alerts.
The infection process begins with deceptive pop-up advertisements that warn users their device is infected. These messages prompt users to download an app called “TrustBastion” from an unverified website. Once installed, the app pretends to be a Google Play update and then quietly downloads the actual malware from Hugging Face’s servers.
The malware functions as a remote access trojan, or RAT. It requests powerful permissions, including screen recording and Accessibility Services. With these permissions, it can monitor on-screen activity, display fake payment or login pages, and capture sensitive data such as PINs and passwords. The malware can also prevent users from removing it and send stolen information directly to the attackers.
After being alerted, Hugging Face removed the malicious files. Google Play Protect has also been updated to block known versions of the malware, reducing the risk of further spread.
Users are advised to stay cautious by avoiding app downloads from unofficial sources. Checking app permissions carefully before installation and relying only on trusted app stores can significantly reduce the risk of infection.
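For analysts who want to automate that permission check, the following added example (not from Bitdefender or the original report) flags an app whose decoded manifest combines an Accessibility Service with screen capture, the pairing described above. It assumes the manifest has already been decoded to plain XML; both sample manifests and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"
PROJECTION = "android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION"

# Constructed sample manifests (hypothetical apps, not the real malware sample).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.updater">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION"/>
  <application>
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name=".CaptureService"
        android:foregroundServiceType="mediaProjection"/>
  </application>
</manifest>"""

BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><service android:name=".SyncService"/></application>
</manifest>"""

def audit_manifest(xml_text):
    """Return risky capabilities declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}
    findings = []
    for svc in root.iter("service"):
        name = svc.get(A + "name", "?")
        # A service guarded by this permission is an Accessibility Service.
        if svc.get(A + "permission") == ACCESSIBILITY:
            findings.append(("accessibility_service", name))
        # Heuristic: screen capture runs in a mediaProjection foreground service.
        if "mediaProjection" in svc.get(A + "foregroundServiceType", "").split("|"):
            findings.append(("screen_capture_service", name))
    if PROJECTION in perms:
        findings.append(("screen_capture_permission", "uses-permission"))
    kinds = {kind for kind, _ in findings}
    # Accessibility plus screen capture together is the combination to escalate.
    high_risk = "accessibility_service" in kinds and any(
        k.startswith("screen_capture") for k in kinds)
    return {"package": root.get("package"), "findings": findings,
            "high_risk": high_risk}
```

Legitimate assistive and screen-sharing apps declare these capabilities too, so a hit is a prompt for manual review rather than a verdict.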



