ON 4 February 2026, Bitdefender researchers disclosed a sophisticated Android Remote Access Trojan campaign that hijacks the Hugging Face platform to host malicious payloads, bypassing standard network filters aimed at low-reputation domains. The attackers run an automated factory, using server-side polymorphism to generate new, unique APK payloads roughly every 15 minutes and continually changing file hashes to defeat signature-based antivirus detection.
Infections begin with a social engineering lure, as users are tricked into downloading an app called TrustBastion (or later, Premium Club), often via ads claiming their device is infected. Once installed, the dropper presents a fake “Update Available” screen that directs the user to download the actual spyware from a Hugging Face dataset.
After payload delivery, the malware employs Accessibility Services to gain broad visibility into user interactions, disguising itself as a “Phone Security Component” and requesting permissions under the guise of security verification, enabling capabilities such as screen recording and overlaying fake login windows to harvest credentials. According to Bitdefender Report, Hugging Face’s space can be misused for malicious purposes due to limited filtering.