Cloud services and open source platforms designed for sharing models and research are being repurposed by cybercriminals as malware repositories, and the latest example has been uncovered by the Romanian firm Bitdefender: a campaign that uses the Hugging Face platform to host thousands of variants of an APK designed to steal payment and mobile banking credentials.
The attack starts with a bait app that users install after tapping alarmist ads claiming the device is compromised. This deceptive application (shown under a visible name such as TrustBastion on many samples) poses as a security tool and pushes the user to accept an "update" that visually reproduces Google Play elements to avoid arousing suspicion. Instead of bundling the malicious code in the installer itself, the dropper contacts a control server that returns a redirect to a repository hosted on Hugging Face. From there the final payload is downloaded through the platform's CDN.

The technical trick used by the attackers is especially effective: instead of serving a static binary, the operator applies polymorphism at the server level, generating new variants of the APK every few minutes to evade signatures and static-analysis detection. Bitdefender documented that, in a short time, the repository had accumulated thousands of commits and that, after being taken down, the operation reappeared under another name and with new icons while keeping the same malicious core. More technical details and samples are described by the researchers in their original report published by Bitdefender.
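The two properties described in the last two paragraphs, a redirect from the dropper's control server to a Hugging Face file URL and a repository path that keeps serving different binaries, are both visible from an egress proxy. The following script is an added example, not code from Bitdefender, Hugging Face or the article: it assumes a line-delimited JSON proxy log whose field names and records are constructed here, and it flags (a) redirects from a non-Hub host to an `.apk` on the Hub and (b) Hub file paths that served several distinct SHA-256 values within a short window, which is the signature of server-side polymorphism that a static file never shows.

```python
"""Detection sketch for the delivery chain described above: a dropper
receives a redirect to a Hugging Face repository and pulls an APK from it,
and the repository keeps serving fresh variants (server-side polymorphism).

Added example, not code from Bitdefender, Hugging Face or the article. The
proxy-log schema, its field names and every record below are constructed
for this illustration; the hosts and repository names are placeholders.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

APK_MIME = "application/vnd.android.package-archive"
HUB_HOST = "huggingface.co"

# Constructed egress-proxy log: one JSON object per line (assumed schema).
SAMPLE_LOG = """\
{"ts": "2025-11-03T10:00:01Z", "client": "10.0.0.21", "host": "update-check.placeholder.invalid", "path": "/check", "status": 302, "location": "https://huggingface.co/placeholder-user/placeholder-repo/resolve/main/update.apk"}
{"ts": "2025-11-03T10:00:02Z", "client": "10.0.0.21", "host": "huggingface.co", "path": "/placeholder-user/placeholder-repo/resolve/main/update.apk", "status": 200, "content_type": "application/vnd.android.package-archive", "sha256": "aaaa01"}
{"ts": "2025-11-03T10:03:10Z", "client": "10.0.0.34", "host": "huggingface.co", "path": "/placeholder-user/placeholder-repo/resolve/main/update.apk", "status": 200, "content_type": "application/vnd.android.package-archive", "sha256": "aaaa02"}
{"ts": "2025-11-03T10:07:45Z", "client": "10.0.0.35", "host": "huggingface.co", "path": "/placeholder-user/placeholder-repo/resolve/main/update.apk", "status": 200, "content_type": "application/vnd.android.package-archive", "sha256": "aaaa03"}
{"ts": "2025-11-03T10:09:00Z", "client": "10.0.0.40", "host": "huggingface.co", "path": "/research-org/model-weights/resolve/main/model.safetensors", "status": 200, "content_type": "application/octet-stream", "sha256": "bbbb01"}
{"ts": "2025-11-03T10:10:12Z", "client": "10.0.0.41", "host": "huggingface.co", "path": "/placeholder-user/placeholder-repo/resolve/main/update.apk", "status": 200, "content_type": "application/vnd.android.package-archive", "sha256": "aaaa04"}
"""


def parse_log(text):
    """Parse the line-delimited JSON log into a list of dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def _parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def is_apk(record):
    """An APK download: APK MIME type or an .apk path."""
    return record.get("content_type") == APK_MIME or record.get("path", "").endswith(".apk")


def redirects_to_hub_apk(records):
    """3xx responses from a non-Hub host whose Location points at an .apk on the Hub."""
    hits = []
    for r in records:
        loc = r.get("location", "")
        if (300 <= r.get("status", 0) < 400 and r.get("host") != HUB_HOST
                and HUB_HOST in loc and loc.endswith(".apk")):
            hits.append(r)
    return hits


def apk_downloads_from_hub(records):
    """Successful APK fetches served from the Hub's /resolve/ file paths."""
    return [r for r in records
            if r.get("host") == HUB_HOST and r.get("status") == 200
            and "/resolve/" in r.get("path", "") and is_apk(r)]


def polymorphic_paths(records, window=timedelta(minutes=15), min_variants=3):
    """Return {path: max distinct SHA-256 values seen within one `window`}
    for Hub APK paths that served at least `min_variants` different binaries.
    A legitimate static file yields one hash; rotating payloads yield many."""
    by_path = defaultdict(list)
    for r in apk_downloads_from_hub(records):
        by_path[r["path"]].append((_parse_ts(r["ts"]), r["sha256"]))
    flagged = {}
    for path, events in by_path.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            hashes = {h for t, h in events[i:] if t - t0 <= window}
            if len(hashes) >= min_variants:
                flagged[path] = max(len(hashes), flagged.get(path, 0))
    return flagged


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for r in redirects_to_hub_apk(recs):
        print(f"redirect to Hub APK: {r['client']} via {r['host']} -> {r['location']}")
    for path, n in polymorphic_paths(recs).items():
        print(f"polymorphic payload: {path} served {n} distinct hashes in 15 min")
```

The hash-rotation check is the more robust of the two signals: the redirecting host and the repository name change every time the operation is recreated, as the article notes, but a single file path handing out a new binary every few minutes is a behaviour that benign model or dataset files on the platform do not exhibit. The `.safetensors` record in the sample is there to show that ordinary Hub downloads are not flagged.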
The final payload is a remote access trojan (RAT) that abuses Android Accessibility Services to gain extensive control over the device. Through that permission (presented to the user as necessary to "protect" the phone) the malware can overlay screens, capture what is displayed on the screen, simulate gestures, block uninstallation and perform actions that normally require physical interaction.
With these capabilities, the malware can inject fake interfaces over legitimate applications: the researchers observed phishing windows that mimic payment gateways and popular financial apps, as well as forms designed to capture the phone's unlock PIN. All the stolen information is sent to the command-and-control servers, which also keep the app "alive" by showing fake content so the victim believes the tool is working properly.
Faced with this kind of abuse of distribution platforms, Hugging Face removed the content involved after being notified by the researchers, but the episode shows how legitimate services can become vectors for sophisticated campaigns when malicious use of their resources is not controlled. For more context, see Hugging Face's public website at huggingface.co and the technical write-up by the researchers whose findings led to the removal.
What risk does this pose to an ordinary user? If you install apps that do not come from official stores and, on top of that, grant powerful permissions such as Accessibility Services, the risk rises dramatically: the attacker can see and capture your interactions with banking apps, spoof login screens and obtain credentials or access codes. In addition, the persistence mechanisms of these RATs can make them hard to remove unless you proceed carefully.
The practical recommendations are not new, but they remain the most effective: avoid installing applications from unverified sources, review and question the permissions any app requests (especially accessibility), and do not accept "updates" outside the official store. Google maintains guidance on how to protect your device and on Play Protect, which can help you verify apps and spot suspicious behaviour on Android, and it is advisable to follow those guides: the Google Play Help Center and the developer documentation on accessibility at developer.android.com.

If you suspect your device has been compromised by an app like this, act quickly but with caution: revoke the accessibility permissions in Settings before trying to uninstall the app, use safe mode if direct removal fails, run a scan with a recognised security solution, and change passwords and enable two-factor authentication on critical services. If financial credentials were stolen, contact your bank to report suspicious transactions and block cards or access.
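The first response step above, revoking accessibility before uninstalling, presupposes knowing which app actually holds that permission, and a RAT that hides its icon and blocks the Settings screen makes that harder to see by hand. The script below is an added example, not code from the article, Bitdefender or Google: it parses the text output of two real Android commands (`settings get secure enabled_accessibility_services` and `pm list packages -3`, both run through `adb shell`) and lists the third-party packages with an enabled accessibility service that are not on a known-good list. The captured outputs embedded here are constructed and the third-party package names are placeholders.

```python
"""Triage helper for the response steps above: find which third-party
packages currently hold an enabled Accessibility Service, so that permission
can be revoked in Settings > Accessibility before uninstalling the app.

Added example, not code from the article, Bitdefender or Google. It parses
the text output of two real Android commands, but the captures below are
constructed and the third-party package names are placeholders.
"""

# Constructed output of: adb shell settings get secure enabled_accessibility_services
# Format: "pkg/serviceclass:pkg/serviceclass"; a leading "." in the class
# name is shorthand for the package prefix.
ENABLED_SERVICES_RAW = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.fakesecurity.placeholder/.ProtectService"
)

# Constructed output of: adb shell pm list packages -3  (third-party apps only)
THIRD_PARTY_RAW = """\
package:com.example.fakesecurity.placeholder
package:com.example.bank.placeholder
package:com.example.messenger.placeholder
"""

# Accessibility services you expect on the device (screen readers etc.).
KNOWN_GOOD = {"com.google.android.marvin.talkback"}


def parse_enabled_services(raw):
    """Map package -> list of fully qualified service class names."""
    raw = raw.strip()
    if raw in ("", "null"):          # "null" is what `settings get` prints when unset
        return {}
    result = {}
    for entry in raw.split(":"):
        if "/" not in entry:
            continue
        pkg, cls = entry.split("/", 1)
        if cls.startswith("."):
            cls = pkg + cls
        result.setdefault(pkg, []).append(cls)
    return result


def parse_package_list(raw):
    """Set of package names from `pm list packages` output."""
    return {line[len("package:"):].strip()
            for line in raw.splitlines() if line.startswith("package:")}


def suspicious_accessibility_holders(services_raw, packages_raw, known_good=KNOWN_GOOD):
    """Third-party packages with an enabled accessibility service that are
    not on the known-good list, as sorted (package, [services]) pairs."""
    services = parse_enabled_services(services_raw)
    third_party = parse_package_list(packages_raw)
    return sorted((pkg, svcs) for pkg, svcs in services.items()
                  if pkg in third_party and pkg not in known_good)


if __name__ == "__main__":
    for pkg, svcs in suspicious_accessibility_holders(ENABLED_SERVICES_RAW, THIRD_PARTY_RAW):
        print(f"review and revoke accessibility for {pkg}: {', '.join(svcs)}")
```

Restricting the report to packages returned by `pm list packages -3` keeps system screen readers out of the output, and the explicit known-good set handles legitimate third-party accessibility tools a user has deliberately installed. Anything left in the list is the candidate whose permission should be revoked before attempting the uninstall, in safe mode if the app resists.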
Beyond individual measures, this incident is a reminder that collaboration and distribution platforms need better abuse-detection tooling: automated controls, review of executable content and faster response mechanisms are key to reducing the exposure window. Hugging Face's security teams acted after Bitdefender's notification, but the ease of recreating repositories and changing names shows that the challenge is persistent.
In a mobile ecosystem that is increasingly central to financial and personal life, the best defence remains the combination of user caution and a coordinated response between researchers, platforms and vendors. Keep your system and applications up to date, install only from trusted sources and do not grant sensitive permissions without understanding why an app needs them; with these simple habits you greatly reduce the attack surface that campaigns such as the one described by Bitdefender seek to exploit.