Home / Technology / Fake Antivirus App Steals Android Data
Fake Antivirus App Steals Android Data
15 Feb
Summary
- Hackers use Hugging Face to spread malware disguised as antivirus.
- Malware steals data and drains accounts from Android devices.
- Google Play Protect guards against apps from official stores.
Cybersecurity researchers have identified a new threat targeting Android users through the Hugging Face platform, a popular hub for AI tools. Hackers are leveraging this open platform to distribute malware disguised as a legitimate antivirus application called TrustBastion. This deceptive app, once installed, falsely claims the user's device is infected, then pressures them to install a malicious update that delivers the actual malware.
The malware's primary function is to steal sensitive data from infected Android devices. Once collected, this information is transmitted to a third-party server, enabling attackers to potentially drain accounts or gain full control of the device. This tactic, known as scareware, exploits user panic and urgency.
While the malicious repositories on Hugging Face have been taken down, similar ones quickly reappear with minor changes, making the campaign persistent. Google states that users who adhere to official app stores, like the Google Play Store, are protected by Google Play Protect, which is enabled by default on most Android devices and can block known malicious applications, even those downloaded from outside official channels.
