How are hackers using the Hugging Face platform?

Hackers are using the Hugging Face platform to host and distribute Android malware, disguising it within fake applications.

What did the fake antivirus app 'TrustBastion' do?

TrustBastion falsely claimed devices were infected and prompted users to update, which installed malicious code designed to steal data.

What are the recommended defenses against this type of malware?

It is recommended to download Android apps only from reputable sources like the Google Play Store or Galaxy Store, and to check reviews and ratings.

Home / Technology / Android Malware Hides in AI Platform

Android Malware Hides in AI Platform

30 Jan

•

Summary

Malware delivered via Hugging Face platform through fake antivirus app.
App demanded updates, installing malicious code that stole data.
Hackers created new repositories after initial campaign shutdown.

Cybersecurity researchers have identified a campaign exploiting the Hugging Face platform to distribute Android malware. Malicious actors disguised a threat as an antivirus application called TrustBastion. This app falsely claimed devices were infected, prompting users to update and inadvertently install harmful code.

The malware communicated with a third-party server, which then redirected users to a Hugging Face repository for the malicious APK. The malware possessed capabilities to capture screenshots, display fake payment login interfaces, and steal lock screen codes before exfiltrating data.

This campaign was active for less than a month, accumulating over 6,000 commits. Even after its detection and termination, a new repository with similar malicious code emerged. Experts advise downloading apps only from trusted sources like the Google Play Store or Galaxy Store, and to carefully review app ratings and reviews.