Hugging Face is considered a trusted platform unlikely to trigger security warnings but a new Android malware campaign is using it as a repository for thousands of variations of an APK payload that collects sensitive credentials.
According to cybersecurity company Bitdefender, a newly discovered Android RAT (remote access trojan) campaign combines social engineering, the resources of the Hugging Face online platform as staging, and extensive use of Accessibility Services to compromise devices.
The campaign uses Hugging Face, a widely used online hosting service that provides a home to machine learning models and gives users a place to host their open-source models, to host malicious payloads.
The attack begins with victims being lured to install a dropper app called TrustBastion, which uses scareware-style ads claiming that the target’s device is infected.
The malicious app is disguised as a security tool, claiming to detect threats such as scams, fraudulent SMS messages, phishing attempts, and malware. If TrustBastion is installed, it then shows a mandatory update alert with visual elements mimicking Google Play.
According to Bitdefender researchers, instead of directly serving malware, the dropper contacts a server linked to trustbastion[.]com, which returns a redirect to a Hugging Face dataset repository hosting the malicious APK.
The final payload is downloaded from Hugging Face infrastructure and delivered via its content distribution network.
As per Bitdefender, this is a remote access tool that aggressively exploits Android’s Accessibility Services, presenting the request as necessary for security reasons.
This usually enables the malware to serve screen overlays, capture the user’s screen, perform swipes, block uninstallation attempts, and more.
In this specific case, the malware monitors user activity and captures screenshots, exfiltrating everything to its operators. It also displays fake login interfaces impersonating financial services such as Alipay and WeChat to steal credentials, and attempts to steal the lock screen code.
According to Bitdefender, Hugging Face doesn’t seem to have meaningful filters that govern what people can upload. Bad actors have already abused the platform in the past to host malicious AI models.
However, Google told Cybernews that “based on our current detection, no apps containing this malware are found on Google Play."
"Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play," said a Google spokesperson.
Last year, at least two machine learning models containing malicious code were discovered on Hugging Face. They bypassed amateurish security scanning mechanisms and weren’t flagged as unsafe.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked