"Cybersecurity researchers at Bitdefender have uncovered a massive campaign in which attackers are using Hugging Face's trusted infrastructure to host and spread a malicious Android Remote Access Trojan (RAT). By hiding their malicious code on a platform used by millions of developers, the attackers managed to fly under the radar of traditional security filters. The attack doesn't start with a shady link from a dark corner of the web."
"According to Bitdefender, "In the most likely scenario, a user encounters an advertisement or similar prompt claiming the phone is infected and urging the installation of a security platform, often presented as free and packed with 'useful' features." Once a user sideloads this "security" app, the trap is sprung. The app immediately prompts an update, using visuals that closely mimic official Google Play and Android system dialogs. When the user clicks "update," the app doesn't open the Play Store; instead, it contacts Hugging Face to retrieve the update."
A campaign used Hugging Face infrastructure to host and distribute a malicious Android Remote Access Trojan (RAT) that evaded traditional filters. The operation begins with a fake security app named TrustBastion promoted via prompts or advertisements claiming device infection and urging installation. After sideloading, the app immediately requests an update, showing visuals that mimic official Google Play and Android dialogs, then retrieves payloads from Hugging Face. Operators employed server-side polymorphism to churn out slightly different payloads rapidly, generating new payloads roughly every 15 minutes and accumulating thousands of commits in a short period, complicating detection despite platform scanning.
Read at TechRepublic
Unable to calculate read time
Collection
[
|
...
]