Hugging Face Abused to Deploy Android RAT in Sophisticated Mobile Malware Campaign
Threat actors are increasingly turning trusted developer platforms into covert malware distribution channels, and a recent campaign abusing Hugging Face highlights how effective this tactic has become. Security researchers have uncovered a malicious Android operation that leverages Hugging Face repositories to host and dynamically deliver a fully featured remote access trojan, blurring the line between legitimate AI infrastructure and active threat tooling.
The activity underscores a growing challenge for defenders as attackers adopt cloud-native platforms to reduce friction, evade detection, and maintain resilience against takedowns.
Malicious Payloads Hosted on Trusted Infrastructure
In the observed campaign, Hugging Face datasets were used to store and serve Android malware payloads. Rather than embedding the malicious code directly within the initial application, operators relied on external repositories to deliver frequently updated components, allowing rapid iteration without redistributing the core app.
This approach mirrors techniques long seen with GitHub and cloud object storage abuse, but the use of an AI-focused platform adds a new layer of trust exploitation. Network traffic associated with Hugging Face often appears benign, increasing the likelihood that malicious connections evade basic filtering.
TrustBastion App Acts as Initial Dropper
The infection chain begins with a fake security application named TrustBastion, distributed outside official channels but designed to closely resemble legitimate mobile protection software. Once installed, the app prompts users to approve updates through convincing Google Play-style dialogs and system-level notifications.
Behind the scenes, the dropper connects to trustbastion[.]com, a domain configured to redirect requests to Hugging Face repositories hosting the malicious payloads. This indirection allows operators to swap or modify payloads without changing the application itself.
Extensive Permission Abuse on Android
After deployment, the Android RAT aggressively requests high-risk permissions. These include Accessibility access, screen recording and casting capabilities, and overlay permissions that allow the malware to draw content over legitimate applications.
Once granted, the malware gains deep visibility into user activity. It can monitor screen content, capture credentials, intercept messages, and manipulate the user interface in real time, effectively turning infected devices into remotely controlled surveillance nodes.
Command and Control and Data Exfiltration
The operators maintain a persistent command-and-control infrastructure that enables data exfiltration and real-time tasking. Stolen information includes authentication data, session details, and potentially sensitive financial information.
Researchers observed the malware displaying fraudulent login screens for popular services such as Alipay and WeChat, a tactic designed to harvest credentials directly from users. The infrastructure also supports configuration updates and payload redirection, allowing the campaign to evolve quickly.
Evolving Infrastructure and Reappearing Repositories
As individual repositories were removed or flagged, related projects resurfaced under new names, including variants labeled as Premium Club. This pattern suggests a deliberate strategy to maintain continuity despite takedowns, using the low barrier to entry of public hosting platforms.
The ability to rapidly recreate repositories and distribute fresh payloads highlights the operational advantage attackers gain by abusing developer ecosystems built for openness and collaboration.
Implications for Mobile Security Defenders
The campaign illustrates how mobile threats are becoming more modular, cloud-dependent, and socially engineered. Defenders can no longer rely solely on application reputation or hosting domain trust when assessing risk.
Security teams are urged to monitor outbound connections to developer platforms for anomalous patterns, scrutinize applications requesting excessive permissions, and educate users on the risks of installing security tools from unofficial sources.
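The outbound-monitoring advice above can be applied to this campaign's delivery pattern, in which a third-party domain redirects a device to a payload stored in a Hugging Face dataset. The following Python is an added example, not code from the researchers or the original report. The JSON log format, field names, extension list, and all hosts and repository names are constructed assumptions.

```python
import json
import re
from urllib.parse import urlsplit

# Hugging Face dataset file downloads use /datasets/<owner>/<repo>/resolve/<rev>/<file>
HF_DATASET_FILE = re.compile(r"^/datasets/([^/]+)/([^/]+)/resolve/[^/]+/(.+)$")
# Assumption: Android code extensions that have no business in a dataset download.
ANDROID_CODE_EXT = (".apk", ".dex", ".jar", ".aab")

# Constructed proxy log (JSON lines); every host, repo and client is a placeholder.
SAMPLE_LOG = """\
{"client":"10.0.8.21","ua":"Dalvik/2.1.0 (Linux; U; Android 13)","url":"https://updates.example.net/get","status":302,"location":"https://huggingface.co/datasets/placeholder-user/placeholder-repo/resolve/main/update.apk"}
{"client":"10.0.8.21","ua":"Dalvik/2.1.0 (Linux; U; Android 13)","url":"https://huggingface.co/datasets/placeholder-user/placeholder-repo/resolve/main/update.apk","status":302,"location":"https://cdn.example.net/blob/abc"}
{"client":"10.0.3.7","ua":"python-requests/2.31","url":"https://huggingface.co/datasets/placeholder-org/corpus/resolve/main/train.parquet","status":200,"location":""}
{"client":"10.0.5.2","ua":"Mozilla/5.0","url":"https://www.example.org/","status":301,"location":"https://example.org/home"}
"""

def hf_android_payload(url):
    """Return (repo, filename) if url is Android code in an HF dataset, else None."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() != "huggingface.co":
        return None
    m = HF_DATASET_FILE.match(parts.path)
    if not m or not m.group(3).lower().endswith(ANDROID_CODE_EXT):
        return None
    return f"{m.group(1)}/{m.group(2)}", m.group(3)

def find_alerts(log_text):
    alerts = []
    for line in filter(str.strip, log_text.splitlines()):
        rec = json.loads(line)
        is_redirect = 300 <= rec["status"] < 400
        loc_hit = hf_android_payload(rec.get("location") or "") if is_redirect else None
        url_hit = hf_android_payload(rec["url"])
        hit = url_hit or loc_hit
        if not hit:
            continue
        # A foreign host redirecting into the dataset is the indirection layer;
        # its hostname is the indicator that survives repository takedowns.
        kind = "direct-hf-payload" if url_hit else "redirect-to-hf-payload"
        alerts.append({"kind": kind, "client": rec["client"],
                       "origin": urlsplit(rec["url"]).hostname,
                       "repo": hit[0], "file": hit[1]})
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(alert)
```

Because repositories in this campaign reappeared under new names, the redirecting origin and the client address are more durable pivots than the repository name itself.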
As cloud platforms designed for innovation continue to be repurposed by attackers, the boundary between legitimate infrastructure and malicious delivery mechanisms will only become harder to define.