{"id":208266,"date":"2026-01-30T14:49:00","date_gmt":"2026-01-30T19:49:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/01\/30\/hugging-face-ai-platform-used-to-deliver-android-malware-via-fake-apps-dont-fall-for-this\/"},"modified":"2026-01-30T15:05:08","modified_gmt":"2026-01-30T20:05:08","slug":"hugging-face-ai-platform-used-to-deliver-android-malware-via-fake-apps-dont-fall-for-this","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/01\/30\/hugging-face-ai-platform-used-to-deliver-android-malware-via-fake-apps-dont-fall-for-this\/","title":{"rendered":"Hugging Face AI platform used to deliver Android malware via fake apps: don&#8217;t fall for this"},"content":{"rendered":"<p><a href=\"https:\/\/www.tomsguide.com\/computing\/malware-adware\/hugging-face-ai-platform-used-to-deliver-android-malware-via-fake-apps-dont-fall-for-this\">Hugging Face AI platform used to deliver Android malware via fake apps: don&#8217;t fall for this<\/a><\/p>\n<p><a href=\"https:\/\/www.tomsguide.com\/computing\/malware-adware\/hugging-face-ai-platform-used-to-deliver-android-malware-via-fake-apps-dont-fall-for-this\">https:\/\/www.tomsguide.com\/computing\/malware-adware\/hugging-face-ai-platform-used-to-deliver-android-malware-via-fake-apps-dont-fall-for-this<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-30 14:49:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.tomsguide.com\">www.tomsguide.com<\/a><\/p>\n<p id=\"f7bc1110-5706-4b2c-a789-6eb999b7f7f2\">Hackers are reportedly using the popular Hugging Face AI platform to release Android malware that can take over your device. The malware is delivered via a fake app.<\/p>\n<p>For the unfamiliar, Hugging Face is an open platform that hosts AI tools and machine learning bots. Users and creators can distribute and download AL, NLP and ML models. Unfortunately, sometimes it can be used to release bad models as well.<\/p>\n<p id=\"f7bc1110-5706-4b2c-a789-6eb999b7f7f2-2\">Researchers at the cybersecurity firm Bitdefender found that this new malware first appeared in an app called TrustBastion. Hugging Face &#8220;doesn\u2019t seem to have meaningful filters that govern what people can upload,&#8221; the researchers said.<\/p>\n<p><span class=\"font-article-heading block pb-3 !text-base font-bold uppercase sm:text-sm text-[#333]\"><br \/>\nYou may like<br \/>\n<\/span><\/p>\n<p class=\"paywall\" aria-hidden=\"true\">Apparently, TrustBastion pretends to be an Android antivirus program by &#8220;offering&#8221; virus protection, phishing defense and malware blocking. In reality, this app is &#8220;scareware&#8221;: once you install it, it claims your device is infected and demands an update. Once you update the app, it installs the malicious code.<\/p>\n<h2 id=\"what-this-malware-does-3\">What this malware does<\/h2>\n<p class=\"vanilla-image-block\" style=\"padding-top:56.25%;\">\n<p><span class=\"credit\" itemprop=\"copyrightHolder\">(Image credit: Shutterstock)<\/span><\/p>\n<p id=\"9eda3aae-8e73-4781-8b3b-3235e605cbb1\">Bitdefender says TrustBastion connects to a third-party server, which then redirects to a Hugging Face repository with 6,000 commits. Despite being reported, Bitdefender says a new repository almost immediately appeared with a new name and icons, but the same malicious code.<\/p>\n<p>This Trojan malware is quite powerful. According to Bitdefender, it can take screenshots, display fake login interfaces for financial serives and capture your lock screen pin. That information is then sent to a third-party server.<\/p>\n<h2 id=\"how-to-stay-safe-3\">How to stay safe<\/h2>\n<p class=\"vanilla-image-block\" style=\"padding-top:56.25%;\">\n<p><img decoding=\"async\" alt=\"Google Play on a Samsung Galaxy phone\" srcset=\"https:\/\/cdn.mos.cms.futurecdn.net\/LHpZVYPdyJuvFiGy8SXsHX-1200-80.jpg 1200w, https:\/\/cdn.mos.cms.futurecdn.net\/LHpZVYPdyJuvFiGy8SXsHX-1024-80.jpg 1024w, https:\/\/cdn.mos.cms.futurecdn.net\/LHpZVYPdyJuvFiGy8SXsHX-970-80.jpg 970w, https:\/\/cdn.mos.cms.futurecdn.net\/LHpZVYPdyJuvFiGy8SXsHX-650-80.jpg 650w, https:\/\/cdn.mos.cms.futurecdn.net\/LHpZVYPdyJuvFiGy8SXsHX-480-80.jpg 480w, https:\/\/cdn.mos.cms.futurecdn.net\/LHpZVYPdyJuvFiGy8SXsHX-320-80.jpg 320w\" sizes=\"(min-width: 1000px) 970px, calc(100vw - 40px)\" loading=\"lazy\" data-new-v2-image=\"true\" src=\"https:\/\/cdn.mos.cms.futurecdn.net\/LHpZVYPdyJuvFiGy8SXsHX.jpg\" data-pin-media=\"https:\/\/cdn.mos.cms.futurecdn.net\/LHpZVYPdyJuvFiGy8SXsHX.jpg\" class=\"inline\"\/>\n<\/p>\n<p><span class=\"credit\" itemprop=\"copyrightHolder\">(Image credit: Shutterstock)<\/span><\/p>\n<p id=\"a6aa7645-f27e-4535-a3a0-7a97a93cc5e3\">The simplest thing you can do is download Android apps only from reputable sources with some form of moderation and security filtering, such as the Google Play Store or the Samsung Galaxy Store. Even in those places, be sure to scour the reviews and note the overall downloads and rating.<\/p>\n<p class=\"newsletter-form__strapline\">Get instant access to breaking news, the hottest reviews, great deals and helpful tips.<\/p>\n<p>Avoid sideloading APKs outside of the&#8230;<\/p>\n<p><a href=\"https:\/\/www.tomsguide.com\/computing\/malware-adware\/hugging-face-ai-platform-used-to-deliver-android-malware-via-fake-apps-dont-fall-for-this\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hugging Face AI platform used to deliver Android malware via fake apps: don&#8217;t fall for&#8230;<\/p>\n","protected":false},"author":1,"featured_media":208267,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cdn.mos.cms.futurecdn.net\/v6Ro3B6LfmJmFroAuNUBf8-2000-80.jpg","fifu_image_alt":"","footnotes":""},"categories":[46],"tags":[70,32,25,86,57],"class_list":["post-208266","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-android","tag-google","tag-malware","tag-phishing","tag-samsung","tag-security"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/208266"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=208266"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/208266\/revisions"}],"predecessor-version":[{"id":208268,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/208266\/revisions\/208268"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/208267"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=208266"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=208266"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=208266"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}