Jakarta – Cybercriminals are now using trusted artificial intelligence (AI) platforms to spread malware to Android phones. The latest findings reveal that the infrastructure of Hugging Face, a popular platform for AI models and datasets, is being misused to distribute a malicious Android Trojan called TrustBastion.
According to a report by cybersecurity company Bitdefender, TrustBastion masquerades as a security application and uses scareware tactics to trick users into installing it. The fake application displays fake threat warnings and encourages users to download “emergency updates”.
Instead of getting an official update, users are redirected to a repository on Hugging Face, from which the main malware is downloaded to the device. Because Hugging Face is widely known and used by developers and AI researchers around the world, the platform is considered trustworthy and does not arouse suspicion among many users.
“It is this trust in the platform that attackers exploit,” Bitdefender said in its findings.
Once installed, TrustBastion exploits the Accessibility Services feature in Android to take control of the device. The malware is able to record the screen, log every keystroke the user makes, and display a fake login window that overlays the original banking application.
As a result, when users enter their banking username and password, the data immediately falls into the hands of cybercriminals.
What makes TrustBastion even more dangerous is that the attacker uses a server-side polymorphism technique, which creates new malware variants periodically, as often as every 15 minutes. This technique makes it difficult for traditional security systems to detect and block the threat.
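The following is an added example, not taken from Bitdefender's report or from this article: because the payload hash rotates, the rule flags Android packages fetched from Hugging Face hosts by URL and content type, and reports URLs whose content hash changes between downloads. The proxy log format, the host list and every sample line are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

HF_HOSTS = ("huggingface.co", "hf.co")  # assumption: hosts serving repository files
APK_MIME = "application/vnd.android.package-archive"

# Constructed proxy log: time, client, URL, content type, SHA-256 of body (shortened)
SAMPLE_LOG = """\
2026-01-10T09:00:02Z 10.0.4.17 https://huggingface.co/datasets/example-user/example-repo/resolve/main/update.apk application/vnd.android.package-archive aa11
2026-01-10T09:16:40Z 10.0.4.52 https://huggingface.co/datasets/example-user/example-repo/resolve/main/update.apk application/octet-stream bb22
2026-01-10T09:31:05Z 10.0.4.90 https://huggingface.co/datasets/example-user/example-repo/resolve/main/update.apk application/vnd.android.package-archive cc33
2026-01-10T09:32:11Z 10.0.4.17 https://huggingface.co/example-org/example-model/resolve/main/model.safetensors application/octet-stream dd44
2026-01-10T09:40:00Z 10.0.4.33 https://huggingface.co.mirror.example/files/tool.apk application/vnd.android.package-archive ee55
"""

def parse(log):
    """Yield one dict per non-empty log line."""
    fields = ("ts", "client", "url", "ctype", "sha256")
    for line in log.splitlines():
        if line.strip():
            yield dict(zip(fields, line.split()))

def on_hf(url):
    # Match the exact host or a true subdomain; a substring test would accept look-alikes.
    host = (urlsplit(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in HF_HOSTS)

def is_apk(event):
    # Servers may label packages as octet-stream, so the path extension is checked too.
    path = urlsplit(event["url"]).path.lower()
    return event["ctype"] == APK_MIME or path.endswith(".apk")

def apk_from_hf(log):
    return [e for e in parse(log) if on_hf(e["url"]) and is_apk(e)]

def hash_blocklist_hits(log, known_bad):
    return [e for e in parse(log) if e["sha256"] in known_bad]

def rotating_payloads(events):
    """Return URLs whose body hash differed between downloads."""
    seen = defaultdict(set)
    for e in events:
        seen[e["url"]].add(e["sha256"])
    return {url: sorted(h) for url, h in seen.items() if len(h) > 1}

if __name__ == "__main__":
    hits = apk_from_hf(SAMPLE_LOG)
    print("URL/content-type rule:", len(hits), "downloads flagged")
    print("hash blocklist (first sample only):", len(hash_blocklist_hits(SAMPLE_LOG, {"aa11"})))
    print("rotating payloads:", rotating_payloads(hits))
```

On the constructed log, a blocklist built from the first observed hash matches one download, while the URL and content-type rule matches all three.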
This case confirms that AI platforms, although not app stores, are now a new vector in the spread of malware. TrustBastion is also not the first such incident, and security researchers believe similar methods will continue to be used in the future.
Security experts again stress the importance of downloading apps only from official sources such as Google Play. Although Google Play is not completely immune to malicious apps, the platform has various layers of protection, including Google Play Protect, which routinely scans apps to detect suspicious behavior.
In contrast, apps from third-party stores or APK files from random sites generally don’t have such a strict security system.
This threat also explains why Google has been pushing for sideloading restrictions on Android. Sideloading, or installing apps from outside the official store, bypasses Google’s entire security mechanism and opens a large gap for malware attacks.
Although sideloading is still favored by advanced users because of its flexibility, the practice carries a high risk. Security experts advise that, if sideloading is unavoidable, users install apps only from developers they really trust and make sure they understand the risks involved.
The TrustBastion case is a stark reminder that in the era of AI, cyber threats do not only come from suspicious applications, but can also hide behind platforms that have long been considered safe.
