Hugging Face Abused to Deploy Android RAT

The Hugging Face infrastructure has been abused for the delivery of an Android remote access trojan (RAT), Bitdefender reports.

The attack chain starts with an ad or a prompt to download and install a security application claiming to provide multiple useful features.

The application, called TrustBastion, acts as a dropper and immediately after launch prompts the user to fetch an update, displaying legitimate-looking Google Play and Android system update dialogs.

Once the user agrees, the dropper connects to an encrypted endpoint hosted at trustbastion[.]com, which serves an HTML page that points to a Hugging Face repository, and then downloads a malicious payload from the online platform’s datasets.

According to Bitdefender, the Hugging Face repository used in the attack was roughly a month-old when taken offline and had over 6,000 commits. New payloads were being generated roughly every 15 minutes, the cybersecurity firm says.

“The repository eventually went ...