Researchers at Bitdefender have uncovered a large-scale Android campaign in which a remote access trojan is being distributed via Hugging Face’s infrastructure.
The attackers combine social engineering with the abuse of legitimate cloud hosting to distribute malicious APK files. In doing so, they make intensive use of Android Accessibility Services to gain in-depth control over infected devices.
The infection chain starts with a seemingly innocent Android app called TrustBastion. Advertisements and alarming notifications convince users that their devices are infected and need to be secured urgently. The app presents itself as a free security solution that detects phishing, fraudulent text messages, and malware, among other things. In reality, the application has no security functionality and serves solely as a dropper for the next stage of infection.
Immediately after installation, the user is prompted to install a mandatory update. The accompanying screen closely mimics the appearance of Google Play and Android system updates, which increases its credibility. When the user agrees, the app contacts a server that does not deliver malware and instead redirects to a dataset repository on Hugging Face. From there, the final malicious APK is downloaded via the platform’s infrastructure and CDN.
According to Bitdefender, this approach was deliberately chosen to avoid detection. Traffic from well-known and widely used platforms is less likely to be blocked than downloads from suspicious domains. Analysis of the repository used shows that the attackers are applying server-side polymorphism on a large scale. New payload variants were generated approximately every fifteen minutes, resulting in more than 6,000 different APK files in less than a month. Each variant contains the same functionality, but minor technical changes are designed to circumvent hash-based detection.
Malware pretends to be a system component
After the second phase is installed, the malware masquerades as a system or security component. Users are persuaded step by step to enable Accessibility Services, supposedly for security reasons. With these rights, the malware gains almost complete visibility and control over the device. It also requests permissions for overlays, screen recordings, and screen casting, allowing interactions to be monitored and manipulated in real time.
With these privileges, the Trojan functions as a full-fledged remote access tool. User activities are monitored and recorded, and the data is then forwarded to a command-and-control server. The malware also displays fake login screens that imitate popular payment and financial services, including Alipay and WeChat, to intercept login details and PINs. Lockscreen information can also be stolen.
The command-and-control infrastructure remains continuously active and is used for data exfiltration, sending commands, and loading additional content to give the app a legitimate appearance. According to BleepingComputer, after the original repository was taken offline, the campaign reappeared under the name Premium Club, with different icons but largely identical code.
Hugging Face was notified by Bitdefender and removed the affected datasets. The campaign shows how trusted development platforms are increasingly being misused as a distribution channel for malware and highlights the importance of behavioral analysis over traditional detection methods.
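The polymorphism and detection points above (thousands of APK variants defeating hash lists, while the declared Accessibility, overlay and screen-capture capabilities stay the same) can be made concrete with a small added example. This is not Bitdefender's or the campaign's code: it builds constructed mock APKs (zips with a plain-text stand-in for the manifest, not real binary AXML) and assumes the per-variant changes touch packaging rather than the declared capabilities.

```python
import hashlib
import io
import zipfile

# Constructed stand-in for a decoded manifest (plain text, not real AXML). The
# capability mix mirrors the one described in the article: an accessibility
# service plus overlay and screen-capture permissions. Assumption: variants keep
# these declarations and only change packaging.
RAT_MANIFEST = """\
<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
<uses-permission android:name="android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION"/>
<service android:name=".Helper" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
"""
BENIGN_MANIFEST = """\
<uses-permission android:name="android.permission.INTERNET"/>
"""

def build_variant(seed: int, manifest: str = RAT_MANIFEST) -> bytes:
    """Build a constructed mock APK (a zip): fixed code and manifest plus a
    per-variant filler resource, so every sample has a different file hash."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", manifest)
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 64)
        filler = hashlib.sha256(f"variant-{seed}".encode()).digest()
        z.writestr(f"res/raw/pad_{seed}.bin", filler)
    return buf.getvalue()

def file_hash(apk: bytes) -> str:
    """What a hash blocklist sees: a new value for every repackaged variant."""
    return hashlib.sha256(apk).hexdigest()

def capability_fingerprint(apk: bytes) -> str:
    """Hash of the sorted declared capabilities; unchanged by the filler."""
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        manifest = z.read("AndroidManifest.xml").decode()
    feats = sorted(l.strip() for l in manifest.splitlines() if "permission" in l)
    return hashlib.sha256("\n".join(feats).encode()).hexdigest()

def cluster(apks):
    """Group samples by capability fingerprint: {fingerprint: sample count}."""
    groups = {}
    for apk in apks:
        fp = capability_fingerprint(apk)
        groups[fp] = groups.get(fp, 0) + 1
    return groups

if __name__ == "__main__":
    variants = [build_variant(i) for i in range(20)]
    print("distinct file hashes:", len({file_hash(v) for v in variants}))
    print("distinct capability fingerprints:", len(cluster(variants)))
```

Twenty variants yield twenty file hashes but a single capability fingerprint, while the benign manifest lands in its own cluster.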