Find notable cyber news and cases, enriched with sources, timelines, and signals.

Android RAT campaign using Hugging Face dropper lure

Campaign
First reported
Last updated
Happening score
H score 37
1 unique sources, 1 articles

Summary

Hide ▲

In recent weeks, a live Android RAT campaign has used Hugging Face to deliver malicious APKs through a fake-update lure. The operation starts with a dropper app, such as TrustBastion, that tricks users into installing an update and pulling down the payload. Once installed, the malware requests accessibility permissions and other sensitive controls to support surveillance and credential theft. The campaign matters because it combines social engineering with trusted cloud hosting to reach Android users more effectively.

Related Happenings

Google Gemini on Android notification-injection bypass using Fake Context Alignment

Technical Analysis
H score16 First: 03.06.2026 22:11 Last: 03.06.2026 22:11 Sources 1

About this happening: Researchers found a **notification-based prompt-injection bypass** in **Google Gemini on Android** that could turn hostile notification text into **unauthorized assistant actions*...

Premium Deception Android malware campaign

Campaign
H score38 First: 20.05.2026 18:30 Last: 20.05.2026 18:30 Sources 1

About this happening: The **Premium Deception** campaign used **nearly 250 fake Android apps** to enroll victims in premium mobile billing subscriptions, creating direct fraud risk across multiple coun...

Trapdoor Android malvertising and ad-fraud campaign

Campaign
H score39 First: 19.05.2026 19:38 Last: 19.05.2026 19:38 Sources 1

About this happening: The **Trapdoor** campaign is a **self-sustaining malvertising and ad-fraud operation** targeting **Android users** and turning app installs into revenue through threat-actor-contr...

Google rolls out Android Intrusion Logging in Android Advanced Protection Mode

Security Tool/Service
H score10 First: 14.05.2026 16:30 Last: 14.05.2026 16:30 Sources 1

About this happening: Google has released **Android Intrusion Logging** for **Android Advanced Protection Mode**, giving **high-risk Android users** encrypted forensic logs to investigate suspected **s...

Android Intrusion Logging forensic logging rollout for spyware investigations

Security Tool/Service
H score11 First: 13.05.2026 09:55 Last: 13.05.2026 09:55 Sources 1

About this happening: **Android** is adding **Intrusion Logging**, an opt-in forensic feature in **Advanced Protection Mode** that preserves device and network activity for suspected spyware compromise...

Timeline

  1. 16.02.2026 12:24 2 articles · 4mo ago

    Android RAT campaign uses Hugging Face dropper lure

    Initial Disclosure

    An Android remote access trojan campaign uses Hugging Face to host and distribute malicious APK files, starting with a dropper app such as TrustBastion that prompts a fake update before downloading the payload. Once installed, the malware requests accessibility permissions and other sensitive controls to support surveillance and credential theft against Android users.

    Show sources