ESET Discovers 'PromptSpy' Android Malware
Security researchers at ESET have discovered the first known Android malware, named PromptSpy, that abuses generative AI to execute its functions. The malware uses prompts to a generative AI model, specifically Google's Gemini, to guide malicious UI manipulation and capture data like lockscreen credentials.
- The malware's primary payload is a Virtual Network Computing (VNC) module that gives the operators real-time remote access to view the device's screen and perform actions on it.
- To persist on the device, PromptSpy sends an XML dump of the current screen to the Gemini model, which returns JSON instructions telling the malware where to tap or swipe in order to pin itself to the recent apps list, making it resistant to system cleanup.
- PromptSpy abuses Android's Accessibility Services to carry out those instructions and to block its own removal by placing invisible overlays on uninstall buttons. The only effective removal method is to reboot the device into Safe Mode, which disables third-party apps.
- This is the second AI-powered malware found by ESET Research; the first was "PromptLock", an AI-driven ransomware identified in August 2025.
- The sample is distributed as an app named "MorganArg" that impersonates the Morgan Chase bank; it appears to target users in Argentina specifically, through a dedicated website rather than the Google Play Store.
- It has not yet been seen in the wild in ESET's telemetry, which suggests it may be a proof of concept. Analysis of the code indicates with medium confidence that it was created in a Chinese-speaking environment.
- Google Play Protect is enabled by default on Android devices with Google Play Services and automatically protects users against known versions of this malware.
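To make the screen-dump-to-JSON loop in the second bullet concrete, here is an added illustration of the data flow an analyst would reconstruct when studying such a sample. It is not ESET's code and not PromptSpy's code: the XML dump format (a uiautomator-style node tree), the prompt wording, and the JSON action schema (`{"action": "tap", "resource_id": ...}` / `{"action": "swipe", "from": ..., "to": ...}`) are all assumptions made for the example, and the screen dump and model replies are constructed inline. The point it shows is that the model never touches the device; it only names an element or coordinates, and the client has to map that onto node bounds before an Accessibility gesture can be dispatched, which is also where a sloppy client will happily act on garbage.

```python
# Added illustration of a PromptSpy-style screen-to-action loop. Not ESET's or
# PromptSpy's code: the uiautomator-style XML dump, the prompt text and the JSON
# action schema are assumptions for this example.
import json
import re
import xml.etree.ElementTree as ET

# Constructed screen dump: an "App info" page with Uninstall and Force stop buttons.
SCREEN_DUMP = """<hierarchy rotation="0">
  <node index="0" text="" resource-id="" class="android.widget.FrameLayout" package="com.android.settings" bounds="[0,0][1080,2340]">
    <node index="0" text="App info" resource-id="android:id/title" class="android.widget.TextView" package="com.android.settings" bounds="[120,160][500,240]"/>
    <node index="1" text="Uninstall" resource-id="com.android.settings:id/button1" class="android.widget.Button" package="com.android.settings" clickable="true" bounds="[80,2100][520,2220]"/>
    <node index="2" text="Force stop" resource-id="com.android.settings:id/button2" class="android.widget.Button" package="com.android.settings" clickable="true" bounds="[560,2100][1000,2220]"/>
  </node>
</hierarchy>"""

# Constructed model replies. LLM output is frequently wrapped in a Markdown code
# fence, so the client has to tolerate that before parsing JSON.
TAP_REPLY = '```json\n{"action": "tap", "resource_id": "com.android.settings:id/button2"}\n```'
SWIPE_REPLY = '{"action": "swipe", "from": [540, 1800], "to": [540, 600]}'

BOUNDS_RE = re.compile(r"\[(\d+),(\d+)\]\[(\d+),(\d+)\]")


def parse_dump(xml_text):
    """Flatten the node tree into the few fields a prompt would carry."""
    nodes = []
    for node in ET.fromstring(xml_text).iter("node"):
        m = BOUNDS_RE.fullmatch(node.get("bounds", ""))
        if not m:
            continue
        x1, y1, x2, y2 = map(int, m.groups())
        nodes.append({
            "text": node.get("text", ""),
            "resource_id": node.get("resource-id", ""),
            "clickable": node.get("clickable") == "true",
            "bounds": (x1, y1, x2, y2),
        })
    return nodes


def build_prompt(nodes, goal):
    """Compact prompt: the goal plus one line per clickable element (assumed wording)."""
    lines = [f"Goal: {goal}", "Clickable elements:"]
    for n in nodes:
        if n["clickable"]:
            lines.append(f'- text="{n["text"]}" id="{n["resource_id"]}" bounds={n["bounds"]}')
    lines.append('Reply with JSON only: {"action": "tap", "resource_id": "..."} '
                 'or {"action": "swipe", "from": [x, y], "to": [x, y]}')
    return "\n".join(lines)


def _strip_fence(reply):
    """Remove a surrounding ```json ... ``` fence if the model added one."""
    reply = reply.strip()
    if reply.startswith("```"):
        reply = reply.split("\n", 1)[1] if "\n" in reply else ""
        reply = reply.rsplit("```", 1)[0]
    return reply.strip()


def resolve_action(reply, nodes, screen=(1080, 2340)):
    """Turn the model's JSON into a concrete gesture, or refuse it.

    A tap is resolved to the centre of the named node's bounds; a swipe is
    accepted only if both endpoints lie on the (assumed) screen.
    """
    data = json.loads(_strip_fence(reply))
    action = data.get("action")
    width, height = screen
    if action == "tap":
        target = next((n for n in nodes
                       if n["resource_id"] == data.get("resource_id") and n["clickable"]), None)
        if target is None:
            raise ValueError(f"no clickable node with id {data.get('resource_id')!r}")
        x1, y1, x2, y2 = target["bounds"]
        return {"type": "tap", "x": (x1 + x2) // 2, "y": (y1 + y2) // 2}
    if action == "swipe":
        (fx, fy), (tx, ty) = data["from"], data["to"]
        for x, y in ((fx, fy), (tx, ty)):
            if not (0 <= x < width and 0 <= y < height):
                raise ValueError("swipe coordinates outside the screen")
        return {"type": "swipe", "from": (fx, fy), "to": (tx, ty)}
    raise ValueError(f"unsupported action {action!r}")


if __name__ == "__main__":
    screen_nodes = parse_dump(SCREEN_DUMP)
    print(build_prompt(screen_nodes, "Pin this app in the recent apps list"))
    print(resolve_action(TAP_REPLY, screen_nodes))
    print(resolve_action(SWIPE_REPLY, screen_nodes))
```

On a real device the `tap`/`swipe` dictionaries would be turned into `AccessibilityService.dispatchGesture` calls; here they are returned so the mapping can be inspected. The two refusals in `resolve_action` (unknown node id, off-screen swipe) are the kind of check an analyst looks for in a sample, because a client that acts on any coordinates the model emits is also one whose behaviour can be steered by whatever ends up in the screen dump.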