In a troubling convergence of trusted developer infrastructure and cybercrime, Bitdefender researchers have uncovered an Android Remote Access Trojan (RAT) campaign that uses the popular AI collaboration platform Hugging Face as its payload host.
What sets the campaign apart is its evasion. By borrowing the reputation of a legitimate platform and regenerating its payloads at high frequency, the attackers slip past network filtering and signature-based defenses to steal financial credentials and spy on victims in real time.
Hugging Face is widely known as the “GitHub of AI,” a trusted repository where data scientists share open-source machine learning models. However, Bitdefender’s investigation reveals that this very trust is being exploited.
Attackers are using Hugging Face repositories to host their malicious payloads, bypassing standard network filters that would typically flag traffic from low-reputation domains.
“What makes this campaign particularly interesting is the attackers’ use of Hugging Face to host malicious payloads, and the scale at which new samples are deployed.” — Bitdefender Report
The attackers aren’t just hosting a single file; they are running an automated factory. The investigation found that the threat actors use server-side polymorphism, meaning the payload is rebuilt on the attackers’ own infrastructure rather than mutating on the device, to generate a new, unique APK roughly every 15 minutes. Because every build has a different file hash, hash-based blocklists and traditional signature-based antivirus detection are largely ineffective against it.
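To make the polymorphism point concrete, the following added example (my own illustration, not Bitdefender’s tooling or any sample from the report) builds two APK-shaped ZIP archives in memory that share the same `classes.dex` but differ in one resource file, which is an assumption about what a repacking server alters. It shows that the whole-file SHA-256 changes on every build while a hash over the code component alone stays stable, which is one reason defenders index on components or behaviour rather than on archive hashes.

```python
"""Whole-file hashes versus component hashes for a server-side polymorphic APK.

Added example, not code from the Bitdefender report. The two "APKs" are
constructed in memory: a fixed classes.dex plus a resource whose bytes change
per build (an assumed stand-in for whatever a repacking server varies).
"""
import hashlib
import io
import zipfile

# Constructed stand-in for a DEX file; real DEX starts with "dex\n035\0" etc.
DEX = b"dex\n035\x00" + b"\x00" * 32


def build_fake_apk(dex_bytes: bytes, junk: bytes) -> bytes:
    """Build a minimal APK-shaped zip: manifest placeholder, one dex, one resource.
    The manifest is a placeholder string, not real Android binary XML."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", dex_bytes)
        zf.writestr("res/raw/padding.bin", junk)  # the part that changes per build
    return buf.getvalue()


def file_sha256(apk: bytes) -> str:
    """The indicator a hash blocklist would store: hash of the entire archive."""
    return hashlib.sha256(apk).hexdigest()


def dex_sha256(apk: bytes) -> str:
    """Hash only the classes*.dex entries, in name order, so changed resources
    or a re-signed archive leave the value unchanged as long as the code is."""
    h = hashlib.sha256()
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        names = sorted(
            n for n in zf.namelist()
            if n.startswith("classes") and n.endswith(".dex")
        )
        for n in names:
            h.update(n.encode())
            h.update(zf.read(n))
    return h.hexdigest()


def compare_polymorphic_builds() -> dict:
    """Two builds with identical code and different padding: the archive hash
    differs, the dex hash does not."""
    build_a = build_fake_apk(DEX, b"\x01" * 16)
    build_b = build_fake_apk(DEX, b"\x02" * 16)
    return {
        "file_hash_matches": file_sha256(build_a) == file_sha256(build_b),
        "dex_hash_matches": dex_sha256(build_a) == dex_sha256(build_b),
    }


if __name__ == "__main__":
    print(compare_polymorphic_builds())
```

The caveat is that a polymorphism engine may also recompile or re-obfuscate the DEX, in which case the component hash rotates as well and detection has to fall back on behaviour such as the dropper’s fetch pattern or the Accessibility Service request described later.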
The infection begins with a classic social engineering hook. Users are tricked into downloading an app called TrustBastion (or later, Premium Club), often via ads claiming their device is already infected.

Once installed, the app acts as a dropper. It presents a convincing, fake “Update Available” screen that mimics the Google Play Store interface. When the user taps “Update,” the app fetches the actual spyware payload not from attacker-controlled infrastructure directly but from a dataset repository hosted on Hugging Face, so the download looks like ordinary traffic to a reputable domain.
“Unfortunately, the space Hugging Face offers can also be used by cybercriminals for malicious purposes as the platform doesn’t seem to have meaningful filters that govern what people can upload.” — Bitdefender Report
Once the payload lands, the malware pivots to a technique that has become a staple of modern Android banking trojans: Accessibility Services abuse. Accessibility Services exist so that assistive apps can read what is on screen and act on the user’s behalf, which is precisely the capability a RAT wants.
The malware disguises itself as a “Phone Security Component” and creates a sense of urgency, guiding the victim to grant Accessibility permissions. The attackers frame this high-risk permission as a necessary step for security verification.
“Our analysis shows instructions designed to normalize the request for accessibility access, which is framed as a necessary security or verification step. Once granted, this permission gives the RAT broad visibility into user interactions across the device.” — Bitdefender Report
With these privileges, the RAT gains near-total control over the device. It can:
- Record the screen to capture login flows.
- Overlay fake login windows for apps like Alipay and WeChat to harvest credentials.
- Steal lock screen patterns and PINs.
Bitdefender’s findings underscore a growing challenge for defenders: legitimate, high-reputation cloud services are increasingly becoming the “best” infrastructure for malware distribution.
The researchers contacted Hugging Face prior to publication, and the malicious datasets have since been removed. However, as the appearance of the “Premium Club” app shows, the attackers are quick to spin up new repositories and continue the game of cat and mouse.