- Hackers used Hugging Face to deliver Android malware via the fake antivirus app TrustBastion
- Malware steals screenshots, lock codes and payment logins and exfiltrates data to hacker servers
- The campaign continued with new repositories despite the removal, highlighting the risks of unverified app sources
Hackers are misusing the Hugging Face platform to deliver Android malware that can completely take over compromised endpoints, experts have warned.
Hugging Face is an open platform for AI tools and machine learning where users can host and distribute AI, NLP or ML models – but it seems that it is also sometimes used as a launching pad for poisoned models.
In this case, the bad guys used it to deliver Android malware, cybersecurity researchers at Bitdefender noted, starting with a dropper app called TrustBastion.
Thousands of commits
This app poses as an Android antivirus solution – it offers virus protection, defense against phishing, malware and fraudulent SMS messages. But TrustBastion engages in scareware – as soon as the victim installs it, it claims that the device is infected with malware. It then requires the user to update the app, which is when the malicious code is actually installed.
To deliver the malware, TrustBastion connects to a third-party server, which redirects to a Hugging Face repository where the malicious APK is hosted. From there, the malware is downloaded and delivered via Hugging Face's CDN.
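For defenders, the delivery chain described above (a third-party server redirecting a device to a Hugging Face repository that serves an APK) can be hunted for in web-proxy logs. The following Python code is an added example, not from Bitdefender or the original article; the tab-separated log format, the sample lines, the hostnames and the `find_apk_deliveries` helper are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: model-hosting domain suffixes to watch; adjust for your environment.
HOSTING_SUFFIXES = ("huggingface.co",)
APK_MIME = "application/vnd.android.package-archive"

# Constructed sample proxy log: epoch, client, url, status, Location header, content type.
SAMPLE_LOG = """\
1700000000\t10.0.0.5\thttps://updates.example.net/check\t302\thttps://huggingface.co/datasets/placeholder/repo/resolve/main/update.apk\t-
1700000002\t10.0.0.5\thttps://huggingface.co/datasets/placeholder/repo/resolve/main/update.apk\t200\t-\tapplication/vnd.android.package-archive
1700000010\t10.0.0.9\thttps://huggingface.co/placeholder/model/resolve/main/model.safetensors\t200\t-\tapplication/octet-stream
1700000500\t10.0.0.7\thttps://huggingface.co/placeholder/repo/resolve/main/tool.apk\t200\t-\tapplication/octet-stream
"""

def on_hosting_platform(url):
    """True if the URL's host is the hosting platform or one of its subdomains."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in HOSTING_SUFFIXES)

def is_apk(url, content_type):
    """An APK is recognised by file extension or by its registered MIME type."""
    return urlsplit(url).path.lower().endswith(".apk") or content_type.lower() == APK_MIME

def find_apk_deliveries(log_text, window=60):
    """Return alerts for APK downloads from the hosting platform, noting any
    third-party redirector that sent the same client there within `window` seconds."""
    redirects = {}  # client -> (timestamp, redirecting host)
    alerts = []
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 6 or not fields[0].isdigit():
            continue  # skip malformed lines
        ts, client, url, status, location, ctype = fields
        ts = int(ts)
        if status.startswith("3") and on_hosting_platform(location) and not on_hosting_platform(url):
            redirects[client] = (ts, urlsplit(url).hostname)
        elif status == "200" and on_hosting_platform(url) and is_apk(url, ctype):
            seen = redirects.get(client)
            via = seen[1] if seen and ts - seen[0] <= window else None
            alerts.append({"client": client, "url": url, "redirector": via})
    return alerts

if __name__ == "__main__":
    for alert in find_apk_deliveries(SAMPLE_LOG):
        print(alert)
```

An alert with a non-empty `redirector` matches the full chain from the article; one without it is still worth reviewing, since model-hosting platforms are not a usual source of Android packages.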
Although these types of campaigns are quite common, unfortunately this one was also successful. In less than a month of activity, it accumulated more than 6,000 commits, Bitdefender said. To make matters worse, as soon as the campaign was discovered and ended, a new repository appeared, called ‘Premium Club’, using new icons but with the same malicious code.
The malware itself is quite powerful. It can take screenshots, display fake login interfaces for popular payment services and steal the lock screen code. Everything is then exfiltrated to a third-party server.
The best way to defend against this type of malware is to only download Android apps from reputable sources, such as the Google Play Store or the Galaxy Store. Also, be sure to read through the reviews and pay attention to the number of downloads and the overall rating.
Via Bleeping Computer



