
Hugging Face Used to Spread Android Malware

The Hugging Face platform, recognized as a fundamental pillar for the scientific community devoted to artificial intelligence and machine learning, has become the involuntary vector of a sophisticated malware campaign.

Although the platform is renowned for hosting language models, datasets and innovative applications in a collaborative and secure environment, recent investigations have revealed how malicious actors have begun to exploit its trusted infrastructure to distribute harmful payloads aimed at Android devices.

Android Malware Now Also Spreads via Hugging Face

The alert was raised by researchers at Bitdefender, who identified a sophisticated operation that leverages the impeccable reputation of Hugging Face to bypass security checks.

The attackers’ modus operandi starts far from the AI platform, through the distribution of a deceptive application named “TrustBastion”.

This software, classified as a dropper, paradoxically presents itself as a security tool, using aggressive and intimidating advertisements that warn the user of alleged infections on their device.

Playing on fear, the app convinces the victim to install what is presented as a critical update, graphically simulating the trusted Google Play Store interface to mask its true intentions.

It is at this crucial stage that the abuse of the platform comes into play. Instead of downloading the malicious code from unknown servers that may already be listed on defense systems’ blacklists, the dropper contacts a repository hosted directly on Hugging Face.

This strategy provides criminals with a tactical advantage: data traffic coming from such a reputable and legitimate domain rarely triggers alarms from firewalls or network monitoring software.

To make detection and removal even harder, the malware developers have implemented a highly dynamic server-side polymorphism mechanism.

This technique generates a new malware variant roughly every fifteen minutes, so each download has a unique fingerprint, which defeats detection based on traditional static signatures. At the time of analysis, the repository contained thousands of variants accumulated in just a few weeks.
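What the two points above mean for detection, as an added example that is not from the article or from Bitdefender's report: because neither domain reputation nor file hashes help here, the check flags APK downloads from any host outside an allowlist and marks URLs that serve several distinct bodies within a short period. The log format, field names, allowlisted host and thresholds are assumptions, and the log lines, repository names and hashes are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Assumptions: allowlisted APK source (hypothetical MDM host) and thresholds.
APK_ALLOWED_HOSTS = {"mdm.corp.example"}
MIN_DISTINCT_HASHES = 3          # distinct bodies for one URL ...
WINDOW = timedelta(hours=1)      # ... within this period => polymorphic
APK_MIME = "application/vnd.android.package-archive"
FIELDS = ["ts", "device", "host", "path", "ctype", "body_hash"]

# Constructed proxy log lines; repository names and hashes are placeholders.
SAMPLE_LOG = """\
2026-01-10T09:00:05,dev-17,huggingface.co,/datasets/example-user/example-repo/resolve/main/update.apk,application/vnd.android.package-archive,hash-0001
2026-01-10T09:16:40,dev-22,huggingface.co,/datasets/example-user/example-repo/resolve/main/update.apk,application/vnd.android.package-archive,hash-0002
2026-01-10T09:31:12,dev-31,huggingface.co,/datasets/example-user/example-repo/resolve/main/update.apk,application/octet-stream,hash-0003
2026-01-10T09:40:00,dev-17,huggingface.co,/example-org/example-model/resolve/main/model.safetensors,application/octet-stream,hash-0100
2026-01-10T10:02:00,dev-40,mdm.corp.example,/apps/mail.apk,application/vnd.android.package-archive,hash-0200
2026-01-10T10:05:00,dev-41,cdn.vendor.example,/tools/scanner.apk,application/octet-stream,hash-0300
2026-01-10T10:50:00,dev-42,cdn.vendor.example,/tools/scanner.apk,application/octet-stream,hash-0300
"""


def is_apk(row):
    """APK by declared MIME type or by file extension (either can be absent)."""
    return row["ctype"] == APK_MIME or row["path"].lower().endswith(".apk")


def analyse(log_text):
    """Return (off-allowlist APK downloads, URLs serving rotating bodies)."""
    off_store, seen = [], defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text), fieldnames=FIELDS):
        if not is_apk(row) or row["host"] in APK_ALLOWED_HOSTS:
            continue
        off_store.append((row["device"], row["host"], row["path"]))
        seen[(row["host"], row["path"])].append(
            (datetime.fromisoformat(row["ts"]), row["body_hash"]))
    polymorphic = []
    for url, hits in seen.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            bodies = {h for t, h in hits[i:] if t - start <= WINDOW}
            if len(bodies) >= MIN_DISTINCT_HASHES:
                polymorphic.append(url)
                break
    return off_store, polymorphic
```

On the constructed log, `analyse(SAMPLE_LOG)` reports the three Hugging Face APK fetches and the two vendor fetches as off-allowlist, but only the Hugging Face URL as rotating, since the vendor URL serves the same body each time.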

What can the new malware do?

Once infiltrated into the system, the malware reveals its predatory nature by exploiting Android Accessibility Services.

Obtaining these permissions through deceit, the software gains near-total control over the device: it can overlay windows on legitimate apps, record the device’s screen activity, and exfiltrate sensitive credentials.

The primary objective appears to be the theft of financial data, with a particular focus on widely used payment services such as Alipay and WeChat; the malware also attempts to capture screen unlock codes.

The threat is persistent and resilient, as the malware code is programmed to monitor and actively block any uninstall attempts by the user.

Is Google Play Protect the solution?

Although the report to Hugging Face led to the removal of the offending datasets, the operators behind the campaign have demonstrated a notable ability to reorganize, reappearing later under new names, such as “Premium Club”, while keeping the underlying malicious code unchanged.

In response to these findings, Google has clarified its position, stating that no application containing this malware is present on the official Play Store.

A Mountain View spokesperson also confirmed that Google Play Protect is capable of recognizing and neutralizing these threats, protecting users even when installations come from external sources, reiterating the importance of avoiding downloads from unverified third-party stores.

Luca Zaninello

A lifelong enthusiast of the mobile phone world, he has spent more than a decade testing products hands-on and sharing his experiences with the web audience. An amateur photographer, he has a soft spot for the most over-the-top camera phones.
