Total phone hijack: New Hugging Face malware grants hackers full remote access

News
By published

False antivirus software could help steal sensitive information

Android logo on phone next to Malware sign
(Image credit: Getty Images)

Hackers are reportedly using the popular Hugging Face AI platform to release Android malware that can take over your device. The malware is delivered via a fake app.

For the unfamiliar, Hugging Face is an open platform that hosts AI tools and machine learning bots. Users and creators can distribute and download AL, NLP and ML models. Unfortunately, sometimes it can be used to release bad models as well.

Researchers at the cybersecurity firm Bitdefender found that this new malware first appeared in an app called TrustBastion. Hugging Face "doesn’t seem to have meaningful filters that govern what people can upload," the researchers said.

What this malware does

Malware on phone

(Image credit: Shutterstock)

Bitdefender says TrustBastion connects to a third-party server, which then redirects to a Hugging Face repository with 6,000 commits. Despite being reported, Bitdefender says a new repository almost immediately appeared with a new name and icons, but the same malicious code.

This Trojan malware is quite powerful. According to Bitdefender, it can take screenshots, display fake login interfaces for financial serives and capture your lock screen pin. That information is then sent to a third-party server.

How to stay safe

Google Play on a Samsung Galaxy phone

(Image credit: Shutterstock)

The simplest thing you can do is download Android apps only from reputable sources with some form of moderation and security filtering, such as the Google Play Store or the Samsung Galaxy Store. Even in those places, be sure to scour the reviews and note the overall downloads and rating.

Avoid sideloading APKs outside of the store. If you are triple-checking that the publisher and URL are correct before you download. Be wary of any apps that ask for accessibility permissions.

You should periodically scan your Android device with Play Protect and bolster your security with some of the best Android antivirus apps.

Google News

Follow Tom's Guide on Google News and add us as a preferred source to get our up-to-date news, analysis, and reviews in your feeds.

More from Tom's Guide

Scott Younker
Scott Younker
West Coast Reporter

Scott Younker is the West Coast Reporter at Tom’s Guide. He covers all the lastest tech news. He’s been involved in tech since 2011 at various outlets and is on an ongoing hunt to build the easiest to use home media system. When not writing about the latest devices, you are more than welcome to discuss board games or disc golf with him. He also handles all the Connections coverage on Tom's Guide and has been playing the addictive NYT game since it released.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.