Hugging Face repositories were used to host and deliver an Android RAT (TrustBastion) that abused permissions to capture and exfiltrate screen content and credentials.
The RAT, delivered via Hugging Face repositories, uses social engineering and Android Accessibility Services to gain device control, and evades detection through frequent server-side polymorphism.