First AI-Abusing Android Malware Found

ESET researchers have discovered PromptSpy, the first known Android malware to abuse generative AI as part of its execution. The malware uses prompts to Google's Gemini AI model to guide malicious user interface manipulations. This novel attack vector allows it to capture lockscreen data and achieve persistence on infected devices.

- PromptSpy's main goal is to deploy a Virtual Network Computing (VNC) module, which grants attackers remote access to view the device's screen and perform actions in real-time.
- The malware sends an XML dump of the user's current screen to Google's Gemini AI, which then provides step-by-step JSON instructions on how to navigate the specific device's user interface to "pin" the malicious app, preventing it from being easily closed.
- In addition to its novel AI-driven persistence, PromptSpy's capabilities include capturing lockscreen PINs and passwords, recording pattern unlocks as video, and blocking uninstallation by creating invisible screen overlays.
- ESET researcher Lukáš Štefanko discovered the malware; however, it has not been detected in ESET's telemetry, which suggests it may currently be a proof-of-concept.
- This is the second AI-assisted malware discovered by ESET, following the AI-driven ransomware "PromptLock" found in August 2025.
- Evidence such as language localization and distribution methods indicates a financially motivated campaign targeting users in Argentina, with the malware at one point impersonating the Morgan Chase bank.
- Because PromptSpy blocks removal, the only way for a user to uninstall it is by rebooting the device into Safe Mode, which disables third-party applications.
- The malware is an advanced version of a previously unknown malware named VNCSpy, with early samples first appearing on VirusTotal in January 2026.
