Hackers Spread Android Malware via Hugging Face

Summary
– A new Android malware campaign uses the trusted Hugging Face AI platform to host thousands of variants of a malicious APK payload.
– The attack starts with a dropper app called TrustBastion, which tricks users with fake security alerts and a fraudulent Google Play update page.
– The malware abuses Android’s Accessibility Services to capture screens, steal credentials via fake login overlays, and block uninstallation attempts.
– The threat actor uses server-side polymorphism, generating new payload variants every 15 minutes to evade detection.
– Google states its Play Protect service blocks known versions of this malware, and no infected apps were found on the official Google Play Store.
A recent cybersecurity investigation has uncovered a sophisticated malware campaign targeting Android users, with attackers leveraging the trusted AI platform Hugging Face to host and distribute malicious payloads. This method exploits the platform’s reputation to bypass security warnings, delivering a credential-stealing remote access tool through a deceptive dropper application. The campaign highlights a concerning trend of abusing legitimate developer resources for malicious distribution networks.
The attack begins when users are tricked into installing a dropper app named TrustBastion. This application uses alarming, scareware-style advertisements falsely claiming the device is infected. Posing as a legitimate security tool, it promises to detect scams, phishing attempts, and malware. Once installed, it immediately displays a fake mandatory update alert designed to look exactly like a Google Play Store page.
Instead of fetching an update from a traditional server, the dropper contacts a command server which redirects it to a dataset repository on Hugging Face’s infrastructure. The final malicious APK is then downloaded directly from Hugging Face’s content delivery network. Researchers at Bitdefender, who discovered the campaign, note the attackers use server-side polymorphism, generating a new variant of the payload every 15 minutes to evade signature-based detection. At the time of their investigation, the malicious repository was about a month old and had accumulated over six thousand commits.
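As an added example (not from the article or from Bitdefender's research) of why the 15-minute server-side polymorphism matters for defenders: over constructed proxy log lines, a hash-based check catches only the one variant whose hash is already known, while a behavioural rule keyed on the chain the article describes (redirect from a non-Hugging-Face host into a dataset `resolve` URL, followed by an APK body served from Hugging Face infrastructure) flags every client that followed it. Hostnames, paths and hashes below are placeholders I made up.

```python
import re
from collections import defaultdict

# Constructed proxy log (not Bitdefender's IoCs). Fields per line:
# client, URL, HTTP status, response Content-Type, SHA-256 of body ("-" if none).
CONSTRUCTED_LOG = """\
10.0.0.5 http://c2.example.invalid/api/update 302 text/html -
10.0.0.5 https://huggingface.co/datasets/acct-placeholder/repo-placeholder/resolve/main/update.bin 302 text/plain -
10.0.0.5 https://cdn-lfs.huggingface.co/repos/placeholder/blob 200 application/vnd.android.package-archive 1111aaaa
10.0.0.7 http://c2.example.invalid/api/update 302 text/html -
10.0.0.7 https://huggingface.co/datasets/acct-placeholder/repo-placeholder/resolve/main/update.bin 302 text/plain -
10.0.0.7 https://cdn-lfs.huggingface.co/repos/placeholder/blob 200 application/vnd.android.package-archive 2222bbbb
10.0.0.9 https://huggingface.co/datasets/acct-placeholder/benign/resolve/main/train.parquet 200 application/octet-stream 3333cccc
"""

APK_MIME = "application/vnd.android.package-archive"
HF_DATASET_RESOLVE = re.compile(r"^https://huggingface\.co/datasets/[^/]+/[^/]+/resolve/")
HF_HOST = re.compile(r"^https://([a-z0-9-]+\.)*huggingface\.co/")
REDIRECTS = (301, 302, 307, 308)

def parse(log):
    """Split each log line into (client, url, status, content_type, sha256)."""
    rows = []
    for line in log.strip().splitlines():
        client, url, status, ctype, sha = line.split()
        rows.append((client, url, int(status), ctype, sha))
    return rows

def hash_hits(rows, known_bad):
    """Signature-style check: only bodies whose hash is already on a blocklist are flagged.
    With a new variant every 15 minutes, most downloads carry an unseen hash."""
    return sorted({c for c, _, _, _, sha in rows if sha in known_bad})

def behaviour_hits(rows):
    """Flag a client when a redirect from a non-Hugging-Face host lands on a dataset
    'resolve' URL and the same client then receives an APK body from Hugging Face."""
    by_client = defaultdict(list)
    for row in rows:
        by_client[row[0]].append(row)
    flagged = []
    for client, seq in by_client.items():
        for i in range(1, len(seq)):
            prev, cur = seq[i - 1], seq[i]
            external_redirect = prev[2] in REDIRECTS and not HF_HOST.match(prev[1])
            if external_redirect and HF_DATASET_RESOLVE.match(cur[1]):
                # the resolve endpoint usually 302s once more to the CDN, so look at two rows
                if any(r[3] == APK_MIME and HF_HOST.match(r[1]) for r in seq[i:i + 2]):
                    flagged.append(client)
                    break
    return sorted(flagged)
```

The benign client fetching a Parquet file is not flagged, which is the point of anchoring the rule on the redirect-plus-APK chain rather than on Hugging Face traffic as such.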
When the initial repository was taken down, the operation quickly resurfaced under a new name, ‘Premium Club,’ using fresh icons but the same underlying malicious code. The core payload is a powerful remote access tool that aggressively requests Android Accessibility Services permissions, misleadingly presented as necessary for security. Granting these permissions provides the malware with extensive control over the device.
This access allows the malware to deploy screen overlays, capture the screen, perform gestures, and block attempts at uninstallation. Its primary function is to monitor user activity and take screenshots, sending all captured data to its operators. Crucially, it displays counterfeit login interfaces for major financial services like Alipay and WeChat to steal usernames and passwords. It also attempts to harvest the device’s lock screen PIN.
The malware maintains a constant connection to a command-and-control server. This server receives the stolen credentials and screenshots, sends instructions for executing commands, delivers configuration updates, and even pushes fabricated in-app content to make the TrustBastion dropper appear like a genuine, functioning application.
Following the investigation, Bitdefender reported the malicious repositories to Hugging Face, which subsequently removed the datasets. The researchers have also published indicators of compromise related to the dropper, its network infrastructure, and the malicious packages. For protection, Android users are advised to install apps only from official stores like Google Play, carefully review requested permissions before granting them, and ensure Google Play Protect is enabled for real-time scanning.
In a statement regarding these findings, a Google spokesperson confirmed that no apps containing this specific malware were found on Google Play. They emphasized that Google Play Protect, enabled by default on devices with Google Play Services, provides automatic protection against known versions of this malware, warning users or blocking apps identified as malicious even when installed from other sources.
(Source: Bleeping Computer)