an advanced Android Remote Access Trojan (RAT) campaign that distributes payloads using the Hugging Face AI platform. To get around reputation-based filtering, the operation combines server-side polymorphism with abuse of trusted infrastructure, releasing a fresh malware sample roughly every 15 minutes to avoid detection.

Dropper Mechanics and the Infection Chain

The infection begins with a dropper application, initially identified as “TrustBastion” and later resurfacing as “Premium Club.” These programs are distributed through malvertising, disguised as utility or security apps.

Distribution of droppers and misleading update prompts (Source: Bitdefender)

The dropper behaves benignly when installed manually, but it immediately displays a misleading update prompt. This dialog imitates genuine Google Play or Android system update interfaces to trick the user into approving the download of the second-stage payload.

Unlike typical campaigns that host payloads on attacker-controlled domains, this one retrieves the malicious APK directly from Hugging Face repositories. The abuse of Hugging Face, a platform developers generally rely on to host machine learning models, is what makes the campaign unusual. Because the domain has a strong reputation, traffic to huggingface.co usually passes network blocklists.

According to network analysis, the dropper contacts a command-and-control (C2) endpoint (such as trustbastion[.]com), which returns an HTML page containing a redirect link. This link points to a particular Hugging Face repository where the payload is stored. The attackers use server-side polymorphism to maintain persistence and evade hash-based detection.

The investigation found that the repository received roughly 6,000 commits over 29 days, yielding a unique payload hash about every 15 minutes.
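The commit churn described above defeats a plain file-hash blocklist, such as the MD5 list in the IOC table, because the hash is exactly what the attacker rotates. The following Python script is an added illustration, not code from Bitdefender or from this article. It builds constructed stand-in APKs (plain zip files holding a manifest, a classes.dex and a signing/resource padding entry, not real malware), and shows that two "commits" get different file hashes while a fingerprint over the manifest and DEX content stays the same, and that a genuine code change does move the fingerprint. The entry layout, the package name reused from the IOC table, and the rule for which entries to ignore are assumptions for the demo.

```python
import hashlib
import io
import zipfile

# Entries an attacker can rewrite without touching code: signing files and
# resources/assets. Ignoring them is the assumption behind this fingerprint.
IGNORED_PREFIXES = ("META-INF/", "res/", "assets/")


def file_hash(apk_bytes: bytes) -> str:
    """Whole-file MD5, the same kind of value listed in the IOC table.
    Any single byte change in the archive produces a new hash."""
    return hashlib.md5(apk_bytes).hexdigest()


def structural_fingerprint(apk_bytes: bytes) -> str:
    """SHA-256 over the sorted names of the code-bearing entries, with the
    content hash of AndroidManifest.xml and every classes*.dex folded in.
    Re-signing, resource padding or timestamp churn does not change it;
    a change to the Dalvik code or manifest does."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        parts = []
        for name in sorted(zf.namelist()):
            if name.startswith(IGNORED_PREFIXES):
                continue
            if name.endswith(".dex") or name == "AndroidManifest.xml":
                digest = hashlib.sha256(zf.read(name)).hexdigest()
                parts.append(f"{name}:{digest}")
            else:
                parts.append(name)
    return hashlib.sha256("\n".join(parts).encode()).hexdigest()


def build_apk(dex: bytes, manifest: bytes, padding: bytes) -> bytes:
    """Constructed stand-in for an APK: a zip with the entries this demo cares about.
    `padding` plays the role of whatever the server changes per commit."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", manifest)
        zf.writestr("classes.dex", dex)
        zf.writestr("META-INF/CERT.RSA", b"signature-" + padding)
        zf.writestr("assets/filler.bin", b"filler-" + padding)
    return buf.getvalue()


def compare(a: bytes, b: bytes) -> dict:
    """Report whether two samples match on file hash and on structural fingerprint."""
    return {
        "same_file_hash": file_hash(a) == file_hash(b),
        "same_structure": structural_fingerprint(a) == structural_fingerprint(b),
    }


# Constructed sample data: a fake DEX body and a manifest naming the package
# from the IOC table. Three "commits": two only re-pad, the third patches code.
DEX_V1 = b"dex\n035\0" + b"constructed-class-bytes"
MANIFEST = b"<manifest package='rgpp.lerlgl.vhrthg'/>"
SAMPLE_A = build_apk(DEX_V1, MANIFEST, b"commit-0001")
SAMPLE_B = build_apk(DEX_V1, MANIFEST, b"commit-0002")
SAMPLE_C = build_apk(DEX_V1 + b"-patched", MANIFEST, b"commit-0003")

if __name__ == "__main__":
    print("A vs B (re-padded only):", compare(SAMPLE_A, SAMPLE_B))
    print("A vs C (code changed):  ", compare(SAMPLE_A, SAMPLE_C))
```

The fingerprint above assumes the rotation leaves the DEX bytes alone, which is the situation the article describes. If a campaign re-obfuscates the code on every commit, the exact DEX hash moves too, and the same idea has to be applied one level down, for instance over the set of method signatures, permission requests or embedded strings rather than over the whole DEX.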

The underlying malicious code structure doesn't change even when the cryptographic hash does.

Abuse of Accessibility and RAT Capabilities

Once installed, the payload requests access to Accessibility Services under the guise of a “Phone Security” feature, as reported by Bitdefender. With this permission granted, the RAT can bypass the Android security model and carry out illicit activities, such as:

Permission abuse (Source: Bitdefender)

- Screen capture: real-time user activity is captured through screen recording and casting.
- Overlay attacks: fraudulent login interfaces are displayed over legitimate financial apps, with a focus on WeChat and Alipay, to harvest login credentials.
- Persistent control: a connection to the C2 server is established to steal device information and lock-screen patterns, and the malware stays reachable by a centralized C2 infrastructure through keep-alive connections.

Credential theft and surveillance (Source: Bitdefender)

The main endpoint found during analysis was 154.198.48.57 over port 5000. This server coordinates payload delivery, receives exfiltrated data, and manages the redirection logic that points victims to the active Hugging Face repository.

Indicators of Compromise (IOCs)

| Category | Type | Indicator | Description / Notes |
| --- | --- | --- | --- |
| Network | Domain | trustbastion[.]com | Primary C2 / dropper configuration server |
| Network | Domain | au-club[.]top | Secondary C2 (Premium Club campaign wave) |
| Network | IP address | 154.198.48.57 (listening on port 5000) | C2 server |
| Network | IP address | 108.187.7.133 | Secondary C2 node |
| Network | URL pattern | huggingface[.]co/datasets/…/b.apk | Payload hosting location on Hugging Face |
| File | MD5 hash | d184d705189e42b54c6243a55d6c9502 | TrustBastion dropper sample |
| File | MD5 hash | d8b0fd515d860be2969cf441ea3b620d | TrustBastion dropper sample |
| File | MD5 hash | b716a8a742fec3084b0f497abbfecfc0 | TrustBastion dropper sample |
| File | MD5 hash | 15bdc66aca9fb7290165d460e6a993a9 | TrustBastion dropper sample |
| File | MD5 hash | fc874c42ea76dd5f867649cbdf81e39b | Premium Club dropper sample |
| Android package | Package name | rgpp.lerlgl.vhrthg | TrustBastion malicious package |
| Android package | Package name | com.nrb.phayrucq | Premium Club malicious package |
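One way to put the table to work on a web proxy log, as an added example that is not part of the article or of Bitdefender's report: the script below refangs the network IOCs, tags any APK fetched from a Hugging Face datasets repository (the hosting pattern the table lists, which is unusual traffic for a phone fleet whatever the repository name), and reports clients that show the full chain of a dropper C2 contact followed by a Hugging Face APK download. The log format and the log lines are constructed for the demo; the repository path in them is a placeholder, since the article elides the real one.

```python
import re
from collections import defaultdict

# Network IOCs from the table above, refanged so they match real log text.
C2_DOMAINS = {"trustbastion.com", "au-club.top"}
C2_IPS = {"154.198.48.57", "108.187.7.133"}

# Behavioural rule: an .apk served from a Hugging Face *datasets* repository.
# Matches the table's URL pattern without depending on the elided repo path.
HF_APK_RE = re.compile(r"^https?://huggingface\.co/datasets/[^ ]+\.apk$", re.I)

# Constructed proxy log: timestamp, client IP, method, URL, HTTP status.
# Client 10.0.0.21 walks the chain; 10.0.0.42 is ordinary ML-developer traffic.
LOG = """\
2025-05-01T10:00:01Z 10.0.0.21 GET http://trustbastion.com/update 200
2025-05-01T10:00:03Z 10.0.0.21 GET https://huggingface.co/datasets/placeholder-user/placeholder-repo/resolve/main/b.apk 200
2025-05-01T10:01:10Z 10.0.0.21 POST http://154.198.48.57:5000/report 200
2025-05-01T10:05:00Z 10.0.0.42 GET https://huggingface.co/bert-base-uncased/resolve/main/config.json 200
2025-05-01T10:06:00Z 10.0.0.42 GET https://huggingface.co/datasets/squad/resolve/main/train.json 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+)$")


def host_of(url: str) -> str:
    """Extract the host from a URL, dropping any :port suffix."""
    m = re.match(r"^https?://([^/:]+)", url)
    return m.group(1).lower() if m else ""


def classify(url: str):
    """Return an alert tag for a URL, or None if it matches nothing."""
    host = host_of(url)
    if host in C2_DOMAINS or host in C2_IPS:
        return "ioc_c2"
    if HF_APK_RE.match(url):
        return "hf_dataset_apk"
    return None


def scan(log_text: str):
    """Tag every matching request per client and list clients that show both
    a C2 contact and a Hugging Face APK download (the infection chain)."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the sweep
        ts, client, _method, url, _status = m.groups()
        tag = classify(url)
        if tag:
            hits[client].append((ts, tag, url))
    chain = [
        client for client, events in hits.items()
        if {tag for _, tag, _ in events} >= {"ioc_c2", "hf_dataset_apk"}
    ]
    return dict(hits), sorted(chain)


if __name__ == "__main__":
    hits, chain = scan(LOG)
    for client, events in hits.items():
        for ts, tag, url in events:
            print(f"{client} {ts} {tag:15} {url}")
    print("clients showing the full dropper chain:", chain)
```

The domain and IP sets are the perishable part: the article shows the operators moving between domains and repositories, so the `hf_dataset_apk` rule, which keys on the hosting behaviour rather than on a specific indicator, is the one worth keeping once the listed IOCs go stale.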