Security researchers have uncovered a malicious Android campaign in which threat actors used trusted frameworks to host a remote access trojan (RAT) payload disguised as legitimate machine-learning components. By embedding the malicious code within seemingly benign artifacts, attackers can bypass basic app screening and deliver full device control once installed. The RAT collects sensitive data, captures screen activity, and can execute commands, turning compromised phones into persistent footholds. This case highlights how supply-chain and hosting tricks increasingly endanger mobile endpoints, underscoring the need for strict app-install controls, vigilant package verification, and runtime behavior monitoring on devices.
Read the full report here.