Malware Campaign Used Hugging Face to Host Android RAT Payloads

A novel Android attack chain exploited a public machine-learning asset repository to deliver a remote-access trojan disguised as a security utility. Operators packaged a dropper application that lured installs with promises of device-protection features, then prompted victims to fetch an update that in reality pulled a malicious payload from a dataset hosted on the platform. The dropper presented familiar-style prompts to convince users to grant elevated controls; once accepted, the malware asked for broad permissions including accessibility, screen capture, and overlay capabilities. Those privileges allowed the adversary to observe and manipulate on-screen activity, siphon displayed content, and maintain persistent remote control. The campaign relied on a repository that was active for roughly a month and contained an unusually large number of commits, while new payload variants appeared on an automated cadence of about every 15 minutes. When one repository was removed, the operators shifted to another hosting link with cosmetic changes but identical core code, demonstrating an ability to adapt quickly to takedowns. Infected instances communicated with a command-and-control backend that served updated configurations, harvested credentials via counterfeit login screens, and redirected the dropper to fresh download links. Targeting included interfaces for major payment and finance apps, enabling credential theft and session capture. The abuse highlights a broader supply-chain problem: platforms intended for collaborative research can be repurposed as resilient distribution points for malware. Platform operators removed the offending datasets after disclosure, but the attackers’ rapid rotation and payload-generation cadence increased the burden on defenders. The incident underscores the need for improved monitoring of public repositories and stricter controls on distribution channels that can be leveraged to deliver active malware to mobile devices.