We’ve said it before, and we’ll say it again. Whenever you download apps for your phone, it’s usually best if you download them from trusted sources. We’re talking about platforms such as Google Play, which comes with various security features designed to protect users as much as realistically possible. Unfortunately, if you have turned to third-party sources, it seems that a recently discovered Android Trojan has been using the Hugging Face platform to deliver malware onto smartphones.
Android Trojan uses Hugging Face to distribute malware
According to security firm Bitdefender, hackers are using Hugging Face’s infrastructure as a distribution platform for an Android trojan called TrustBastion. The malware disguises itself as a security app and uses scareware tactics to scare users into installing it. Once you install it, the app immediately prompts you to download an “urgent update.”
However, instead of getting a legitimate update, the app redirects users to a Hugging Face repository where it downloads the actual malware. For those unfamiliar, Hugging Face is a popular platform that hosts AI models and datasets. It is used by developers and researchers worldwide. It is also why it’s considered a trusted platform.
Unfortunately, this trust has led cybercriminals to take advantage of it to distribute malware. TrustBastion isn’t the first instance, and we doubt it will be the last. The attackers also use server-side polymorphism, creating new malware variants roughly every 15 minutes.
Once the malware has been installed, it takes advantage of Android’s Accessibility Services to gain control over your device. It can record your screen, log everything you type, and overlay fake login windows on top of real banking apps. This means when you enter your credentials, you’re actually handing them directly to the attackers.
Protecting yourself from sideloaded malware
So how do you avoid falling victim to this kind of attack? The answer is pretty straightforward. Stick to official app stores like Google Play. We get that there is no such thing as a perfect system. In fact, more than once, Google Play has accidentally hosted apps laden with malware. However, Google Play has multiple layers of protection, including Google Play Protect, which scans apps for malicious behavior. Third-party app stores and APK files from random websites typically don’t have these safeguards.
This is actually one of the reasons Google wanted to restrict sideloading on Android in the first place. Sideloading means installing apps from outside the official store, which bypasses all of Google’s security measures. While advanced users appreciate the flexibility, it opens the door for exactly this kind of attack. If you absolutely must sideload an app, make sure it’s from a developer you completely trust.
The post Cybercriminals are abusing AI platforms to spread mobile malware appeared first on Android Headlines.
