Android RAT campaign using Hugging Face dropper lure
Campaign
Summary
Hide ▲
Show ▼
In recent weeks, a live Android RAT campaign has used Hugging Face to deliver malicious APKs through a fake-update lure. The operation starts with a dropper app, such as TrustBastion, that tricks users into installing an update and pulling down the payload. Once installed, the malware requests accessibility permissions and other sensitive controls to support surveillance and credential theft. The campaign matters because it combines social engineering with trusted cloud hosting to reach Android users more effectively.
Related Happenings
Premium Deception Android malware campaign
Campaign
First: 20.05.2026 18:30
Last: 20.05.2026 18:30
Sources 1
About this happening:
The **Premium Deception** campaign used **nearly 250 fake Android apps** to enroll victims in premium mobile billing subscriptions, creating direct fraud risk across multiple coun...
Premium Deception Android malware campaign
CampaignAbout this happening: The **Premium Deception** campaign used **nearly 250 fake Android apps** to enroll victims in premium mobile billing subscriptions, creating direct fraud risk across multiple coun...
Trapdoor Android malvertising and ad-fraud campaign
Campaign
First: 19.05.2026 19:38
Last: 19.05.2026 19:38
Sources 1
About this happening:
The **Trapdoor** campaign is a **self-sustaining malvertising and ad-fraud operation** targeting **Android users** and turning app installs into revenue through threat-actor-contr...
Trapdoor Android malvertising and ad-fraud campaign
CampaignAbout this happening: The **Trapdoor** campaign is a **self-sustaining malvertising and ad-fraud operation** targeting **Android users** and turning app installs into revenue through threat-actor-contr...
Google rolls out Android Intrusion Logging in Android Advanced Protection Mode
Security Tool/Service
First: 14.05.2026 16:30
Last: 14.05.2026 16:30
Sources 1
About this happening:
Google has released **Android Intrusion Logging** for **Android Advanced Protection Mode**, giving **high-risk Android users** encrypted forensic logs to investigate suspected **s...
Google rolls out Android Intrusion Logging in Android Advanced Protection Mode
Security Tool/ServiceAbout this happening: Google has released **Android Intrusion Logging** for **Android Advanced Protection Mode**, giving **high-risk Android users** encrypted forensic logs to investigate suspected **s...
Android Intrusion Logging forensic logging rollout for spyware investigations
Security Tool/Service
First: 13.05.2026 09:55
Last: 13.05.2026 09:55
Sources 1
About this happening:
**Android** is adding **Intrusion Logging**, an opt-in forensic feature in **Advanced Protection Mode** that preserves device and network activity for suspected spyware compromise...
Android Intrusion Logging forensic logging rollout for spyware investigations
Security Tool/ServiceAbout this happening: **Android** is adding **Intrusion Logging**, an opt-in forensic feature in **Advanced Protection Mode** that preserves device and network activity for suspected spyware compromise...
Android 17 expands platform security and privacy protections
Security Tool/Service
First: 12.05.2026 20:00
Last: 12.05.2026 20:00
Sources 1
About this happening:
**Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...
Android 17 expands platform security and privacy protections
Security Tool/ServiceAbout this happening: **Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...
Timeline
-
16.02.2026 12:24 2 articles · 3mo ago
Android RAT campaign uses Hugging Face dropper lure
Initial DisclosureAn Android remote access trojan campaign uses Hugging Face to host and distribute malicious APK files, starting with a dropper app such as TrustBastion that prompts a fake update before downloading the payload. Once installed, the malware requests accessibility permissions and other sensitive controls to support surveillance and credential theft against Android users.
Show sources
- New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft — thehackernews.com — 16.02.2026 12:24
- New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft — thehackernews.com — 16.02.2026 12:24