Cybersecurity researchers are warning that the current AI boom has opened a new and dangerous attack surface on Android devices. A newly uncovered malware campaign is exploiting the global popularity of Hugging Face by disguising a malicious Android app as an official AI and machine learning tool, ultimately giving attackers near total control over infected smartphones.
The fake app, circulated under names like “HuggingFaceAI,” has been spotted on third party app stores, Telegram groups, and phishing pages shared through social media and messaging apps. Security analysts say the attackers are deliberately targeting users who are curious about generative AI but may not understand how Hugging Face actually operates. Unlike consumer AI apps, Hugging Face does not offer a standalone Android client, a gap threat actors are exploiting.
Once installed, the app silently deploys a sophisticated Android remote access trojan. From that moment on, the phone effectively stops belonging to its owner. With this access, the malware can do some pretty alarming things, such as:
What makes this campaign particularly effective is how convincingly it mimics a legitimate AI utility. The hackers employed a method known as “server-side polymorphism,” which essentially means they were continuously producing slightly different versions of the malware to throw off antivirus programs.
As experts uncovered:
“New payloads were generated roughly every 15 minutes. At the time of the investigation, the repository was about 29 days old and had amassed over 6,000 commits.”
Although Hugging Face does utilize ClamAV to scan uploads, experts points out that the “platform doesn’t appear to have effective filters in place to control what users can upload,” which has allowed these thousands of variations to linger on legitimate servers.
According to mobile threat intelligence reports published over the past year, fake AI apps are rapidly becoming one of the most effective lures for Android malware. About the Hugging Face spyware, experts cite the likelihood of falling in the trap as:
“In the most likely scenario, a user encounters an advertisement or similar prompt claiming the phone is infected and urging the installation of a security platform, often presented as free and packed with ‘useful’ features.”
Researchers from multiple firms have documented a surge in trojans masquerading as AI chatbots, image generators, VPNs, and crypto tools, with some campaigns spreading tens of thousands of infections before being detected. Android’s ability to sideload apps outside the Play Store continues to make it a prime target, especially in regions where unofficial app marketplaces are common.
Unfortunately, compromised devices can be weaponized for credential theft, financial fraud, corporate espionage, or even used as entry points into enterprise networks under bring your own device policies. Fortunately, Hugging Face has since removed the malicious datasets after being notified by the security firm.