Android Trojan Hijacks Hugging Face to Distribute RAT Payloads

Bitdefender researchers identified a new Android trojan that uses the Hugging Face platform—normally a repository for AI models—to host its remote‑access‑tool (RAT) payloads. The dropper retrieves the malicious APK from a seemingly benign model page, then contacts a command‑and‑control (C2) server whose infrastructure was mapped to multiple IP ranges. Researchers published the SHA‑256 hashes of the dropper binaries and detailed the obfuscation techniques that bypass standard static analysis.

Defenders should treat AI model hosting sites as potential threat vectors, as the trojan blends into legitimate traffic and evades traditional mobile‑app vetting. Monitoring outbound connections to non‑traditional domains, employing heuristic scanning of downloaded binaries, and incorporating threat‑intel feeds that flag suspicious Hugging Face URLs can help stop this supply‑chain style infection before it reaches users.
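
As an added illustration of the outbound-connection monitoring described above (not code from Bitdefender or from the original article), the following Python sketch scans web-proxy records for Android clients pulling APK or archive content from Hugging Face hosts. The JSON log format, the field names, the sample records, and the choice of host suffixes and the `/resolve/` file-download path as signals are all assumptions made for this example.

```python
import json
from urllib.parse import urlsplit

HF_SUFFIXES = ("huggingface.co", "hf.co")  # assumption: hosts worth watching
APK_MIME = "application/vnd.android.package-archive"
ARCHIVE_MIMES = {"application/zip", "application/octet-stream"}  # APKs are ZIP containers

# Constructed sample proxy records (JSON lines); not from any real capture.
SAMPLE_LOG = """\
{"src":"10.0.4.21","ua":"Dalvik/2.1.0 (Linux; U; Android 13)","url":"https://huggingface.co/example-user/example-model/resolve/main/update.apk","ctype":"application/vnd.android.package-archive"}
{"src":"10.0.7.5","ua":"python-requests/2.31","url":"https://huggingface.co/example-user/example-model/resolve/main/model.safetensors","ctype":"application/octet-stream"}
{"src":"10.0.4.33","ua":"Dalvik/2.1.0 (Linux; U; Android 12)","url":"https://huggingface.co/datasets/example-user/example-data/resolve/main/assets.bin","ctype":"application/zip"}
{"src":"10.0.4.40","ua":"Dalvik/2.1.0 (Linux; U; Android 14)","url":"https://downloads.example.com/app.apk","ctype":"application/vnd.android.package-archive"}
{"src":"10.0.4.41","ua":"Dalvik/2.1.0 (Linux; U; Android 14)","url":"https://nothuggingface.co/a/b/resolve/main/x.apk","ctype":"application/zip"}
"""

def is_hf_host(host):
    """Match the domain or a true subdomain, never a look-alike suffix."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in HF_SUFFIXES)

def reasons_for(rec):
    url = urlsplit(rec.get("url", ""))
    if not is_hf_host(url.hostname):
        return []
    path = url.path.lower()
    ctype = rec.get("ctype", "").split(";")[0].strip().lower()
    android = "android" in rec.get("ua", "").lower()
    checks = {
        "apk-extension": path.endswith(".apk"),
        "apk-content-type": ctype == APK_MIME,
        "android-client-archive-download": android and "/resolve/" in path and ctype in ARCHIVE_MIMES,
    }
    return [name for name, hit in checks.items() if hit]

def flag_hf_apk_fetches(lines):
    findings = []
    for line in filter(str.strip, lines):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of aborting the scan
        reasons = reasons_for(rec) if isinstance(rec, dict) else []
        if reasons:
            findings.append((rec.get("src"), rec.get("url"), reasons))
    return findings

if __name__ == "__main__":
    for finding in flag_hf_apk_fetches(SAMPLE_LOG.splitlines()):
        print(*finding)
```

The third rule is a heuristic and will also match legitimate mobile apps that download model files, so its hits are candidates for binary inspection rather than verdicts.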

Categories: Malware & Ransomware, Security Culture & Human Factors, AI Security & Threats