A sophisticated Android RAT campaign that exploits Hugging Face’s popular machine learning platform to host and distribute malicious payloads.
Attackers combine social engineering, legitimate infrastructure abuse, and Accessibility Services exploitation to gain deep device control, evading hash-based detection through rapid polymorphism.
The campaign targets Android users via a dropper app named TrustBastion, often promoted through fake ads claiming to scan for scams, phishing, and malware.
Victims install the app manually, triggering a deceptive update prompt mimicking Google Play dialogs. This leads to payload retrieval from Hugging Face repositories.
Two-Stage Infection Chain
The process starts with the dropper contacting trustbastion[.]com, which redirects to a Hugging Face dataset like huggingface[.]co/datasets/xcvqsccm/sfxyt851/resolve/main/b.apk.
Network logs show the APK downloads from Hugging Face’s CDN, bypassing scrutiny of suspicious domains. ClamAV scans uploads, but attackers slip through with polymorphic variants.
Key code snippet from the dropper reveals obfuscated config:
textpublic static final String B_ASSET_APK = "b.apk";
private static final String DATA_SOURCE_1 = "Eg4OCglAVVUNDQ1UDggPCQ4YGwkOExUUVBkVF1UCExsAAFQSDhcW";
New APKs generate every 15 minutes, with over 6,000 commits in 29 days across repositories.
This server-side polymorphism alters hashes while preserving behavior, frustrating signature-based tools. Bitdefender Mobile Security detects via behavioral analysis, including permission abuse and C2 patterns.
Once installed, the RAT requests Accessibility Services under the guise of “Phone Security.” It gains permissions for screen recording, overlays, and casting, enabling real-time surveillance.
Advanced Surveillance and Theft Tactics
The payload monitors interactions, captures screens, and exfiltrates data to a C2 at 154.198.48.57:5000, tied to trustbastion[.]com. Fake interfaces mimic Alipay and WeChat to steal credentials, plus lock screen info.
Keep-alive connections ensure persistence. The same C2 handles commands, data theft, and config updates.
After takedown, attackers relaunched as “Premium Club” with identical code but new icons.
Bitdefender notified Hugging Face, prompting swift dataset removal. This highlights risks in open platforms: Hugging Face’s model-hosting appeal aids evasion, as trusted domains lower defenses.
Experts urge vigilance against fake security apps, Accessibility prompts, and rapid repo commits.
Use behavioral antivirus, restrict permissions, and monitor Hugging Face for anomalies. Android users should verify apps via official stores.
IoC
- d184d705189e42b54c6243a55d6c9502
- d8b0fd515d860be2969cf441ea3b620d
- b716a8a742fec3084b0f497abbfecfc0
- 15bdc66aca9fb7290165d460e6a993a9
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.