How Hackers Exploit Hugging Face to Distribute Thousands of Android Malware Variants
Researchers uncovered a campaign that uses Hugging Face as a repository to host and deliver thousands of Android malware APKs, employing a fake security app called TrustBastion to steal financial credentials via accessibility‑service abuse and C2 communication.
Campaign Overview
Attackers leveraged the Hugging Face platform, normally used for hosting AI/ML models and datasets, as a repository to distribute thousands of Android APK payload variants aimed at stealing credentials from major financial and payment services.
Infection Chain
User is presented with scare‑ware advertisements claiming the device is infected.
Victim is tricked into installing a malicious app named TrustBastion, which pretends to be a security tool.
Immediately after installation, TrustBastion shows a forced‑update dialog that mimics the Google Play Store UI.
The app contacts a server associated with trustbastion.com, which returns a redirect URL pointing to an APK stored in a Hugging Face dataset repository.
The malicious payload is downloaded via Hugging Face’s CDN and installed on the device.
Payload Distribution Technique
To evade detection, the threat actors employed server‑side polymorphism: a new payload variant is generated every 15 minutes. During the investigation the repository existed for roughly 29 days and accumulated more than 6,000 submission records.
After the repository was temporarily removed by Hugging Face, the group resurfaced under the name “Premium Club,” changed the app icon, but retained the same malicious code.
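Because a fresh payload variant appears every 15 minutes, hash-based blocking of the APKs lags the campaign almost immediately; the parts of the chain that stay stable are the lure domain and the shape of the download URL (a file served from a Hugging Face dataset repository under a `/datasets/<org>/<repo>/resolve/<revision>/<file>` path). The script below is an added example written for this summary, not code from the researchers or the article. It assumes a constructed space-separated proxy log format (time, client, user-agent class, method, URL, status); the dataset org, repo and file names are placeholders, not real indicators, and only trustbastion.com and huggingface.co come from the report.

```python
"""Flag the TrustBastion-style delivery chain in web-proxy logs.

Added example (not the report's code). Log format and the dataset path
values below are constructed for illustration; adapt parse_line() to
your proxy's real format.
"""
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Lure domain named in the report. Extend with your own blocklist.
LURE_DOMAINS = {"trustbastion.com"}

# Path shape of a file fetched from a Hugging Face *dataset* repository.
HF_DATASET_FILE = re.compile(r"^/datasets/[^/]+/[^/]+/resolve/[^/]+/.+$")

# Constructed sample lines: time, client, UA class, method, URL, status.
# EXAMPLE-ORG / EXAMPLE-REPO / update_*.apk are placeholders, not IOCs.
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.0.5 android GET https://trustbastion.com/api/update 302
2024-01-01T10:00:02 10.0.0.5 android GET https://huggingface.co/datasets/EXAMPLE-ORG/EXAMPLE-REPO/resolve/main/update_1a2b.apk 200
2024-01-01T10:20:00 10.0.0.9 android GET https://huggingface.co/datasets/EXAMPLE-ORG/EXAMPLE-REPO/resolve/main/update_3c4d.apk 200
2024-01-01T11:00:00 10.0.0.7 desktop GET https://huggingface.co/datasets/EXAMPLE-ORG/EXAMPLE-REPO/resolve/main/README.md 200
2024-01-01T11:05:00 10.0.0.8 android GET https://example.com/index.html 200
"""


def parse_line(line):
    """Split one constructed log line into a record dict."""
    ts, client, ua, method, url, status = line.split()
    return {"time": datetime.fromisoformat(ts), "client": client, "ua": ua,
            "method": method, "url": url, "status": int(status)}


def is_lure_contact(rec):
    """True if the request went to a known lure domain or a subdomain of one."""
    host = urlparse(rec["url"]).hostname or ""
    return host in LURE_DOMAINS or any(host.endswith("." + d) for d in LURE_DOMAINS)


def is_hf_dataset_apk(rec):
    """True if the request fetched an .apk file out of a Hugging Face dataset repo."""
    u = urlparse(rec["url"])
    return (u.hostname == "huggingface.co"
            and HF_DATASET_FILE.match(u.path) is not None
            and u.path.lower().endswith(".apk"))


def analyze(log_text, window=timedelta(minutes=5)):
    """Return (client, severity, reason, url) alerts for the delivery chain.

    An APK pulled from a dataset repo is suspicious on its own (medium);
    the same client having touched the lure domain within `window`
    beforehand raises it to high. Nothing here depends on the APK hash,
    so the 15-minute server-side polymorphism does not defeat it.
    """
    records = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    records.sort(key=lambda r: r["time"])
    last_lure = {}  # client -> time of most recent lure-domain contact
    alerts = []
    for rec in records:
        if is_lure_contact(rec):
            last_lure[rec["client"]] = rec["time"]
            alerts.append((rec["client"], "high",
                           "contact with known lure domain", rec["url"]))
        elif is_hf_dataset_apk(rec):
            seen = last_lure.get(rec["client"])
            if seen is not None and rec["time"] - seen <= window:
                alerts.append((rec["client"], "high",
                               "APK fetched from Hugging Face dataset shortly after lure contact",
                               rec["url"]))
            else:
                alerts.append((rec["client"], "medium",
                               "APK fetched from Hugging Face dataset repository",
                               rec["url"]))
    return alerts


if __name__ == "__main__":
    for client, sev, reason, url in analyze(SAMPLE_LOG):
        print(f"{sev:6} {client:10} {reason}: {url}")
```

The README fetch by the desktop client is deliberately left alone: legitimate use of Hugging Face datasets is common, so the rule keys on the `.apk` suffix plus the dataset path rather than on the host alone. Tune `window` to how quickly the forced-update dialog fires in your own telemetry.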
Core Malware Functionality
The unnamed remote‑control tool requests the Android Accessibility Service permission under the guise of “security.”
Once granted, it can display floating windows, capture screen content, simulate swipe gestures, and block uninstallation of the app.
It continuously monitors user actions, captures screenshots, and exfiltrates the data to a command‑and‑control (C2) server.
It forges login pages of financial platforms to harvest user credentials and attempts to steal the device’s lock‑screen password.
The malware maintains a persistent C2 connection to upload stolen data, receive execution commands, obtain configuration updates, and receive fabricated in‑app content that makes TrustBastion appear legitimate.
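Every capability listed above (floating windows, screen capture, simulated swipes, blocking uninstall) hinges on the Accessibility Service grant, so a device triage should start by listing which third-party packages currently hold an enabled accessibility service. The script below is an added example, not the researchers' tooling. It parses the output of two standard ADB commands, `adb shell settings get secure enabled_accessibility_services` (colon-separated `package/service` entries, or `null`) and `adb shell pm list packages -3` (`package:<name>` per line); the sample outputs, the `com.example.fakesecurity` package name and the allowlist contents are constructed for illustration.

```python
"""Triage enabled accessibility services on an Android device.

Added example (not from the report). Input strings are the raw output of:
  adb shell settings get secure enabled_accessibility_services
  adb shell pm list packages -3
Sample outputs below are constructed; com.example.fakesecurity is a
placeholder package name, not a real indicator.
"""

# Services your fleet legitimately allows (example entries; adjust to policy).
ACCESSIBILITY_ALLOWLIST = {"com.google.android.marvin.talkback"}

# Constructed sample of `settings get secure enabled_accessibility_services`.
SAMPLE_ENABLED = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService"
    ":com.example.fakesecurity/com.example.fakesecurity.GuardService"
)

# Constructed sample of `pm list packages -3` (third-party, i.e. sideloaded or store-installed apps).
SAMPLE_THIRD_PARTY = """\
package:com.example.fakesecurity
package:com.example.bank
"""


def parse_enabled_services(raw):
    """Return the list of enabled 'package/service' entries; empty if none."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    return [entry for entry in raw.split(":") if entry]


def parse_third_party_packages(raw):
    """Return the set of package names from `pm list packages -3` output."""
    return {line.split(":", 1)[1].strip()
            for line in raw.splitlines()
            if line.startswith("package:")}


def suspicious_accessibility_services(enabled_raw, third_party_raw,
                                      allowlist=ACCESSIBILITY_ALLOWLIST):
    """Enabled accessibility services owned by third-party packages not on the allowlist.

    A fake "security" app that has talked the user into this grant shows up
    here even if its icon and name have changed, because the grant is keyed
    on the package, not on the branding.
    """
    third_party = parse_third_party_packages(third_party_raw)
    findings = []
    for entry in parse_enabled_services(enabled_raw):
        package = entry.split("/", 1)[0]
        if package in third_party and package not in allowlist:
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for entry in suspicious_accessibility_services(SAMPLE_ENABLED, SAMPLE_THIRD_PARTY):
        print("REVIEW:", entry)
```

Run it against real device output by piping the two ADB commands into the functions; a hit is a package to inspect (installer source, requested permissions, overlay usage), not an automatic verdict, since some legitimate automation and assistive apps also need the grant.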
Mitigation and Disclosure
Researchers reported the malicious repository to Hugging Face, which promptly removed the offending dataset. The investigators also published indicators of compromise (IOCs) for the installer, the network infrastructure, and the malicious APKs.
Reference: https://www.bleepingcomputer.com/news/security/hugging-face-abused-to-spread-thousands-of-android-malware-variants/