Fake antivirus app delivers Android malware threat to mobile devices

If you use Android phoneThis deserves your attention. Right now, cybersecurity researchers are warning that hackers are using Hugging Face, a popular sharing platform Artificial Intelligence (AI) tools.To spread dangerous Android malware. At first, the threat seems harmless because it is disguised as a fake antivirus application. Then, once installed, criminals gain direct access to your device. For this reason, the threat stands out as particularly worrying. It combines two things people already trust: security applications and AI platforms.

Sign up for my free CyberGuy report

Get the best tech tips, breaking security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – for free when you join my site CYBERGUY.COM Newsletter.

Malicious GOOGLE CHROME Extensions hijack accounts

Researchers say hackers hid Android malware inside a fake antivirus app that looked legitimate at first glance. (Kurt “CyberGuy” Knutson)

What is face hugging and why is it important

For anyone unfamiliar, Hugging Face is an open platform where developers share AI, NLP, and machine learning models. It is widely used by researchers and startups, and has become a central hub for AI experimentation. This openness is also what the attackers exploited. Because Hugging Face allows public repositories and supports many file types, criminals have been able to host malicious code in plain sight.

Fake antivirus application behind the attack

The malware first appeared in an Android app called TrustBastion. On the surface, it seems like a useful security tool. It promises virus protection, phishing defense, and malware blocking. In fact, it does the opposite.

Once installed, TrustBastion immediately claims that your phone is infected. Then it pressures you to install the update. This update introduces malicious code. This tactic is known as a scare program. It relies on panic and urgency to get users to click before thinking.

Fake pop-ups spread malware quickly

The fake TrustBastion app mimics the legitimate Google Play update screen to trick users into installing malware. (Bitdefender)

How malware spreads and adapts

According to global cybersecurity firm Bitdefender, the campaign focuses on a fake Android security app called TrustBastion. Victims will likely be shown ads or warnings claiming that their devices are infected and instructed to install the app manually.

The attackers hosted TrustBastion’s APK files directly on Hugging Face, placing them inside public datasets that looked legitimate at first glance. Once installed, the app immediately prompts users to install the required “update,” which triggers the actual malware.

After researchers reported the malicious repository, it was removed. However, Bitdefender noted that nearly identical repositories quickly resurfaced, with small cosmetic changes but the same malicious behavior. This quick rebuild made it difficult to close the entire campaign.

What can this Android malware do?

This Trojan is not simple or annoying. It’s invasive. Bitdefender says malware can:

Take screenshots of your device

Show fake login screens for financial services

Capture your lock screen PIN

Once collected, that data is sent to a third-party server. From there, attackers can move quickly to drain accounts or lock you out of your phone.

What Google says about the threat

Google says users who stick to the official app stores are protected. “Based on our current detection, no apps containing this malware have been found on Google Play,” a Google spokesperson told CyberGuy.

The spokesperson added, “Android users are automatically protected from known versions of this malware by Google Play protectionwhich is turned on by default on Android devices with Google Play Services.” They also noted that “Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when these apps come from sources outside of Play.”

8.8 million users infected with browser-attached malware in DARKSPECTRE attack

Once installed, the malware can capture screenshots, fake login details, and even your lock screen PIN. (Kurt “CyberGuy” Knutson)

How to stay safe from Hugging Face Android malware

This threat is a reminder that small choices matter. Here’s what you should do now:

1) Stick to trusted app stores

Download only Applications from trusted sources Such as Google Play Store or Samsung Galaxy Store. These platforms have moderation and scanning in place.

2) Read reviews before installing

Look closely at ratings, number of downloads, and recent comments. Fake security apps often have vague reviews or sudden ratings spikes.

3) Use a data removal service

Even careful users can have their personal data exposed. Our data removal service helps remove your phone number, email and other details from data broker websites that criminals rely on. This reduces subsequent fraud, fake security alerts and account takeover attempts.

While no service can guarantee complete removal of your data from the Internet, a data removal service is truly a smart choice. It’s not cheap, and neither is your privacy. These services do all the work for you by systematically monitoring and scraping your personal information from hundreds of websites. This gives me peace of mind and has proven to be the most effective way to clear your personal data from the Internet. By limiting the information available, you reduce the risk of fraudsters cross-referencing data from breaches to information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free check to see if your personal information really exists on the web by visiting Cyberguy.com

Get a free check to see if your personal information is already on the web: Cyberguy.com

4) Turn on Play Protect and use a powerful antivirus

Regularly scan your device with Play Protect and back it up with powerful antivirus software for added protection. Google Play Protect, a built-in malware protection for Android devices, automatically removes known malware. However, it is important to note that Google Play Protect may not be enough. Historically, this method has not been 100% effective in removing all known malware from Android devices.

The best way to protect yourself from malicious links that install malware and potentially access your private information is to install strong antivirus software on all your devices. This protection can help you too Detect phishing emails and ransomwarekeeping your personal information and digital assets secure.

Get my picks for the best antivirus protection winners of 2026 for Windows, Mac, Android, and iOS at Cyberguy.com

5) Avoid sideloading APK files

Avoid installing apps from websites outside the App Store. These apps bypass security checks, so always check the publisher name and URL.

6) Secure your Google account

The security of your phone depends on it. Enable two-step verification (2FA) first, then use a strong, unique password stored in your password manager to prevent account takeovers.

Next, see if you have it Email has been exposed In past breaches our #1 password manager (see Cyberguy.com) Choice includes a built-in penetration scanner that checks if your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2026 at Cyberguy.com

7) Be careful with permissions

Be careful with access permissions. Malware often abuses it to take control of your device.

8) Watch app updates closely

Malware can hide inside fake updates. Be wary of hotfixes that push you out of the App Store.

Key takeaways for Kurt

This attack shows how quickly trust can be weaponized. A platform designed to advance AI research has been repurposed as a malware delivery system. The fake antivirus app became the threat the company claimed to stop. Staying secure no longer means avoiding sketchy-looking apps. This means questioning even those applications that seem useful and professional.

Have you seen something on your phone that made you question its security? Let us know your thoughts by writing to us at Cyberguy.com

Click here to download the FOX NEWS app

Sign up for my free CyberGuy report

Get the best tech tips, breaking security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – for free when you join my site CYBERGUY.COM Newsletter.

Copyright 2026 CyberGuy.com. All rights reserved.