First Android Malware Using Generative AI Discovered

Cybersecurity firm ESET Research has discovered the first known Android malware that uses generative AI in its execution. Named 'PromptSpy', the threat abuses Google’s Gemini AI model to guide malicious on-screen actions, capture lockscreen data, and achieve persistence on the device.

- The malware's primary function is to deploy a Virtual Network Computing (VNC) module, giving attackers the ability to remotely view the infected device's screen and execute actions. This allows for a full takeover of the device's functions.
- Although generative AI serves only a secondary purpose, it is critical to the malware's adaptability: by using Google's Gemini to interpret the user interface, PromptSpy can dynamically adjust to different screen layouts and Android versions in order to maintain persistence.
- This is the second instance of AI-powered malware discovered by ESET Research; the first was a ransomware tool named 'PromptLock', identified in August 2025.
- The malware communicates with its command-and-control server using AES encryption and can carry out a range of malicious activities, including capturing lockscreen data, recording video of the screen, taking screenshots, and blocking uninstallation attempts with invisible overlays.
- Based on localization clues in the code and observed distribution vectors, the campaign is believed to be financially motivated and to primarily target Android users in Argentina. The malicious app, named 'MorganArg', was distributed via a website impersonating Chase Bank.
- ESET researchers have indicated that elements in the code, specifically Simplified Chinese, suggest the developer of PromptSpy may be from a Chinese-speaking background.
- To remove PromptSpy, a user must reboot the device into Safe Mode, which disables third-party apps and allows the malware to be uninstalled normally.
- While the malware has not yet been seen in ESET's telemetry, suggesting it could be a proof of concept, a likely distribution domain has been identified, indicating that a variant may be actively targeting users.
