Researchers find an evolving Android RAT that distributes polymorphic payloads through trusted infrastructure and abuses permissions to harvest credentials.
Threat researchers have uncovered an Android remote access trojan (RAT) campaign that employs social engineering, accessibility service abuse, and the Hugging Face platform to distribute malicious payloads.
The operation illustrates a growing trend: threat actors using legitimate infrastructure to mask activity and evade detection. In this case the criminals have been using Hugging Face, the popular platform for hosting AI models and datasets, to store and distribute malicious Android application packages (APKs).
Although the platform scans uploads with an open-source antivirus tool, that scanning does not appear to keep harmful files from being stored. Attackers use it to host short-lived payloads that are continuously rebuilt to stay ahead of signature-based detection.
Infection chain and initial lure
The infection begins with an app called TrustBastion, promoted through deceptive ads and pop-ups that claim to detect malware or block scams. While the installer (dropper) appears benign, it immediately urges users to apply an “update” presented through a convincing imitation of Android system prompts. Once the user complies, the malicious payload is retrieved through a multi-stage process that uses Hugging Face-hosted files.
The dropper never fetches the payload from the attacker-linked domain itself. It first contacts trustbastion[.]com, described as a compromised site, which only redirects to Hugging Face repositories; traffic captures show the final APKs being fetched directly from Hugging Face dataset links.
Continuous payload generation
Analysis of one Hugging Face repository showed roughly 6,000 commits in under a month, which the researchers equate to a new build about every 15 minutes. The churn is server-side polymorphism: each upload carries small changes so that its file hash differs from the previous one, while the malicious functionality stays the same. When repositories are taken down, new ones appear under slightly altered project names and icons.
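The paragraph above explains why a stream of rebuilt APKs defeats hash blocklists. The following is an added example, not code from the Bitdefender report or from the campaign: it builds a constructed stand-in for the commit stream (an APK is a ZIP, so a minimal ZIP with a manifest, a dex file and one varying asset is enough) and compares a whole-file SHA-256 with a digest over the code-bearing entries only. The package name and the assumption that only non-code entries change between builds are hypothetical; real builds would also carry resources, native code and a signing block.

```python
import hashlib
import io
import os
import zipfile

# Placeholder bytecode shared by every build in the simulated stream.
BASE_DEX = b"dex\n035\x00" + b"\x00" * 64


def build_apk(junk: bytes, dex: bytes = BASE_DEX) -> bytes:
    """Constructed sample: one 'build' of the same app with a varying asset."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # Hypothetical package name; the page does not give the real one.
        zf.writestr("AndroidManifest.xml",
                    b"<manifest package='com.example.phonesecurity'/>")
        zf.writestr("classes.dex", dex)
        zf.writestr("assets/build_id.bin", junk)  # the per-commit difference
    return buf.getvalue()


def file_hash(apk: bytes) -> str:
    """What a hash blocklist or a reputation lookup keys on."""
    return hashlib.sha256(apk).hexdigest()


def is_code_entry(name: str) -> bool:
    """The manifest plus every dex file (classes.dex, classes2.dex, ...)."""
    return name == "AndroidManifest.xml" or (
        name.startswith("classes") and name.endswith(".dex"))


def component_hash(apk: bytes) -> str:
    """SHA-256 over the code-bearing ZIP entries only, in sorted order.

    Repackaging that touches only assets, resources or the signing block
    leaves this value unchanged, so one indicator covers a whole stream of
    builds. It is still an exact match: a recompiled dex defeats it, which
    is where fuzzy hashes or behavioural signatures have to take over.
    """
    h = hashlib.sha256()
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        for name in sorted(n for n in zf.namelist() if is_code_entry(n)):
            h.update(name.encode("utf-8") + b"\x00")
            h.update(hashlib.sha256(zf.read(name)).digest())
    return h.hexdigest()


def simulate_commit_stream(n: int = 20) -> dict:
    """n builds that differ only in the junk asset, standing in for the
    rebuilt-every-few-minutes repository described above."""
    builds = [build_apk(os.urandom(16)) for _ in range(n)]
    return {
        "distinct_file_hashes": len({file_hash(b) for b in builds}),
        "distinct_component_hashes": len({component_hash(b) for b in builds}),
    }


if __name__ == "__main__":
    # Every file hash differs, the component hash does not.
    print(simulate_commit_stream())
    # A build whose code actually changed gets a new component hash.
    changed = build_apk(b"x", dex=b"dex\n035\x00" + b"\x01" * 64)
    print(component_hash(changed) != component_hash(build_apk(b"y")))
```

The point of the second check at the bottom is that the component digest is not vacuous: it tracks the code that matters and nothing else, so it moves exactly when the behaviour might have.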
Post-installation behavior
Once installed, the RAT requests broad system permissions while presenting itself as a built-in “Phone Security” feature. It walks the user through enabling an Accessibility Service, which gives it ongoing visibility into screen content and user interactions. Further grants for screen recording, overlay display, and casting give the operator full remote observation and control of the device.
The malware uses these privileges to gather credentials and screen data, exfiltrating them to a command-and-control (C2) server. It displays realistic spoofed login pages for popular e-payment and social media apps, capturing financial and authentication information, including device lock-screen inputs.
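A responder who has such a device in hand can check for the combination just described: a non-standard package with an enabled accessibility service that also holds overlay and recording grants. The following is an added triage script, not tooling from Bitdefender. It parses the output of two real adb commands, `adb shell settings get secure enabled_accessibility_services` and `adb shell dumpsys package <pkg>`, but the sample outputs below are constructed to mimic their format, the package name is hypothetical, and the allowlist and risky-permission set are choices made for this example.

```python
import re

# Permissions that, together with an enabled accessibility service, give the
# overlay and observation capabilities described above. Screen capture via
# MediaProjection (recording/casting) is granted through a consent dialog,
# not a manifest permission, so it cannot be checked this way.
RISKY_PERMISSIONS = {
    "android.permission.SYSTEM_ALERT_WINDOW",  # draw over apps: spoofed logins
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
    "android.permission.READ_SMS",             # OTP interception
}

# Accessibility services expected on a managed fleet; anything else enabled
# deserves a look. Hypothetical allowlist for this example.
TRUSTED_ACCESSIBILITY_PACKAGES = {"com.google.android.marvin.talkback"}

GRANT_RE = re.compile(
    r"^\s*(android\.permission\.[A-Z_]+): granted=(true|false)", re.M)


def parse_enabled_services(value: str) -> dict:
    """Parse `settings get secure enabled_accessibility_services`.

    The value is 'pkg/ServiceClass:pkg2/ServiceClass2'; 'null' means none.
    """
    services = {}
    value = value.strip()
    if not value or value == "null":
        return services
    for entry in value.split(":"):
        pkg, _, svc = entry.partition("/")
        services.setdefault(pkg, []).append(svc)
    return services


def granted_permissions(dumpsys_text: str) -> set:
    """Collect the granted=true permissions from `dumpsys package <pkg>`."""
    return {m.group(1) for m in GRANT_RE.finditer(dumpsys_text)
            if m.group(2) == "true"}


def triage(services_value: str, dumpsys_by_pkg: dict) -> list:
    """One finding per non-allowlisted package with an enabled accessibility
    service, listing which risky permissions it also holds."""
    findings = []
    for pkg, svcs in parse_enabled_services(services_value).items():
        if pkg in TRUSTED_ACCESSIBILITY_PACKAGES:
            continue
        risky = granted_permissions(dumpsys_by_pkg.get(pkg, "")) & RISKY_PERMISSIONS
        findings.append({"package": pkg, "services": svcs,
                         "risky_permissions": sorted(risky)})
    return findings


# Constructed sample output shaped like the real commands' output.
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.phonesecurity/com.example.phonesecurity.AccessService"
)
SAMPLE_DUMPSYS = {
    "com.example.phonesecurity": """\
Package [com.example.phonesecurity] (3f2a1b):
  userId=10234
  install permissions:
    android.permission.SYSTEM_ALERT_WINDOW: granted=true
    android.permission.INTERNET: granted=true
  User 0: ceDataInode=1234 installed=true
    runtime permissions:
      android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET|USER_SENSITIVE_WHEN_GRANTED ]
      android.permission.CAMERA: granted=false, flags=[ USER_SET ]
""",
}

if __name__ == "__main__":
    for finding in triage(SAMPLE_SERVICES, SAMPLE_DUMPSYS):
        print(finding)
```

On a live device, feed `triage` the raw strings from the two adb commands; a hit on a package the user cannot name, especially one styled as a system security feature, is the signal to image the device before touching anything else.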
Command-and-control infrastructure
Infected devices stay in contact with a C2 server at IP address 154.198.48.57, tied to the trustbastion[.]com domain and reachable on port 5000. The same infrastructure coordinates payload delivery, pushes configuration updates, and hands infected devices fresh Hugging Face download links.
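The redirect chain described under the infection chain and the C2 indicators given here are both visible in network telemetry. Below is an added detection example, not from the Bitdefender report, that runs three checks over a constructed, JSON-lines proxy and flow log: a redirect from trustbastion[.]com to a Hugging Face dataset download ending in .apk, an Android client fetching such a file directly, and a connection to 154.198.48.57 on port 5000. The log format, the client addresses and the repository names in the sample are hypothetical; the domain, IP and port come from the page.

```python
import json
import re
from urllib.parse import urlsplit

# Indicators from the report.
C2_IP = "154.198.48.57"
C2_PORT = 5000
REDIRECTOR_HOST = "trustbastion.com"

# Hugging Face serves dataset files at /datasets/<user>/<repo>/resolve/<rev>/<path>.
HF_DATASET_APK = re.compile(r"^/datasets/[^/]+/[^/]+/resolve/[^/]+/.+\.apk$", re.I)
ANDROID_UA = re.compile(r"\b(Dalvik|okhttp|Android)\b", re.I)


def is_hf_dataset_apk(url: str) -> bool:
    p = urlsplit(url)
    return p.hostname == "huggingface.co" and bool(HF_DATASET_APK.match(p.path))


def is_redirector(host: str) -> bool:
    return host == REDIRECTOR_HOST or host.endswith("." + REDIRECTOR_HOST)


def check_record(rec: dict) -> list:
    """Return the names of the rules a single log record triggers."""
    hits = []
    if rec.get("type") == "flow":
        if rec.get("dst") == C2_IP and rec.get("dport") == C2_PORT:
            hits.append("c2-beacon")
        return hits
    # HTTP proxy record: url, status, optional Location header, user agent.
    url = rec.get("url", "")
    host = urlsplit(url).hostname or ""
    status = rec.get("status", 0)
    if is_redirector(host) and 300 <= status < 400 and is_hf_dataset_apk(rec.get("location", "")):
        hits.append("redirector-to-hf-apk")
    if is_hf_dataset_apk(url) and ANDROID_UA.search(rec.get("ua", "")):
        hits.append("android-apk-from-hf-dataset")
    return hits


def scan(lines) -> list:
    """(source address, rule) for every record that fires, in log order."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        for rule in check_record(rec):
            alerts.append((rec["src"], rule))
    return alerts


# Constructed log: one infected client (10.20.0.15) and one benign ML user.
SAMPLE_LOG = """\
{"type":"http","src":"10.20.0.15","url":"https://trustbastion.com/update","status":302,"location":"https://huggingface.co/datasets/someuser/somerepo/resolve/main/update.apk","ua":"Dalvik/2.1.0 (Linux; U; Android 13; Pixel 6 Build/TQ3A)"}
{"type":"http","src":"10.20.0.15","url":"https://huggingface.co/datasets/someuser/somerepo/resolve/main/update.apk","status":200,"location":"","ua":"Dalvik/2.1.0 (Linux; U; Android 13; Pixel 6 Build/TQ3A)"}
{"type":"http","src":"10.20.0.42","url":"https://huggingface.co/datasets/someuser/somerepo/resolve/main/train.parquet","status":200,"location":"","ua":"python-requests/2.31"}
{"type":"flow","src":"10.20.0.15","dst":"154.198.48.57","dport":5000,"proto":"tcp"}
{"type":"flow","src":"10.20.0.42","dst":"154.198.48.57","dport":443,"proto":"tcp"}
"""

if __name__ == "__main__":
    for src, rule in scan(SAMPLE_LOG.splitlines()):
        print(src, rule)
```

The IP and domain rules will age out as the operators move; the Hugging Face dataset rule is the durable one, since legitimate Android clients have no reason to pull .apk files from a dataset repository, and it keeps working across the renamed repositories the report describes.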
Analysis by the threat researchers from Bitdefender indicates a structured, ongoing campaign leveraging high-frequency payload generation and trusted cloud infrastructure to sustain distribution and evade detection, underscoring the challenges of monitoring open platforms used for hosting research and AI models.