Total phone hijack: New Hugging Face malware grants hackers full remote access
False antivirus software could help steal sensitive information
Update: Google spokesperson says malware not found in Google Play Store.
Hackers are reportedly using the popular Hugging Face AI platform to release Android malware that can take over your device. The malware is delivered via a fake app.
For the unfamiliar, Hugging Face is an open platform that hosts AI tools and machine learning bots. Users and creators can distribute and download AI, NLP and ML models. Unfortunately, sometimes it can be used to release bad models as well.
Researchers at the cybersecurity firm Bitdefender found that this new malware first appeared in an app called TrustBastion. Hugging Face "doesn’t seem to have meaningful filters that govern what people can upload," the researchers said.
Apparently, TrustBastion pretends to be an Android antivirus program by "offering" virus protection, phishing defense and malware blocking. In reality, this app is "scareware": once you install it, it claims your device is infected and demands an update. Once you update the app, it installs the malicious code.
What this malware does
Bitdefender says TrustBastion connects to a third-party server, which then redirects to a Hugging Face repository with 6,000 commits. Bitdefender says that even though the repository was reported, a new one appeared almost immediately with a new name and icons, but the same malicious code.
This Trojan malware is quite powerful. According to Bitdefender, it can take screenshots, display fake login interfaces for financial services and capture your lock screen PIN. That information is then sent to a third-party server.
Malware isn't in Google Play, says Google
A Google spokesperson told Tom's Guide that according to their systems this malware and apps containing it are not in the Google Play store.
"Based on our current detection, no apps containing this malware are found on Google Play," the spokesperson said.
They added that Android users are automatically protected against "known versions of this malware" by Google Play Protect, which scans apps for malicious behavior and can warn users or block apps.
How to stay safe
The simplest thing you can do is download Android apps only from reputable sources with some form of moderation and security filtering, such as the Google Play Store or the Samsung Galaxy Store. Even in those places, be sure to scour the reviews and note the overall downloads and rating.
Avoid sideloading APKs outside of the store. If you do sideload, triple-check that the publisher and URL are correct before you download. Be wary of any apps that ask for accessibility permissions.
You should periodically scan your Android device with Play Protect and bolster your security with some of the best Android antivirus apps.

Scott Younker is the West Coast Reporter at Tom’s Guide. He covers all the latest tech news. He’s been involved in tech since 2011 at various outlets and is on an ongoing hunt to build the easiest to use home media system. When not writing about the latest devices, you are more than welcome to discuss board games or disc golf with him. He also handles all the Connections coverage on Tom's Guide and has been playing the addictive NYT game since it released.
