Android Malware Uses Hugging Face To Distribute

Bitdefender researchers identified an Android campaign that uses counterfeit security apps as first-stage droppers for TrustBastion remote access Trojans, delivering final payloads via Hugging Face's public hosting. Attackers use scareware ads and fake threat alerts to trick users into installing the dropper, which fetches staged APKs from Hugging Face and rotates thousands of package variants to evade detection while targeting banking and payment credentials.
Key Points
- 1Identify counterfeit Android security apps acting as droppers for TrustBastion RATs via Hugging Face
- 2Exploit Hugging Face's trusted reputation to bypass automated security controls and user suspicion
- 3Force defenders to monitor developer platforms, scan model repos, and block staged APK retrievals
Scoring Rationale
High novelty and credible Bitdefender findings, but limited mitigation specifics and primarily focused on mobile banking targets.
Sources
Public references used for this report.
Practice with real Banking data
90 SQL & Python problems · 15 industry datasets
250 free problems · No credit card
See all Banking problems

