First Android Malware Using GenAI Discovered
Security firm ESET has discovered PromptSpy, the first known Android malware that uses generative AI to execute its attacks. The malware reportedly abuses Google’s Gemini model to guide malicious UI manipulation, allowing it to capture lockscreen data and achieve persistence on infected devices.
- The malware's primary function is to install a Virtual Network Computing (VNC) module, granting attackers remote access to view the device's screen and perform actions. It also captures lockscreen data, records screen activity, and uses invisible overlays to block uninstallation attempts.
- PromptSpy uses Google's Gemini model specifically to achieve persistence on an infected device. It sends an XML dump of the current screen to the AI, which then returns JSON-formatted instructions on where to tap or swipe to "pin" the malicious app to the recent apps list, making it harder to close.
- While the generative AI component is key to its adaptability across different Android devices and layouts, the AI model and prompts are predefined within the malware's code and cannot be changed by the attacker remotely.
- The malware, identified by security firm ESET, has not been found on the Google Play Store and is distributed through dedicated websites. Evidence suggests the app, named "MorganArg," impersonates the Morgan Chase bank and specifically targets users in Argentina.
- ESET researchers note that they have not yet observed PromptSpy in their telemetry, suggesting it may be a proof of concept rather than a widespread threat at this time.
- Development clues, such as the presence of Simplified Chinese in the code, suggest the malware was created in a Chinese-speaking environment.
- This is the second AI-powered malware discovered by ESET, following the AI-driven ransomware "PromptLock" found in August 2025.
- To remove PromptSpy, users must reboot their device into Safe Mode, which disables third-party apps and allows for normal uninstallation, bypassing the malware's uninstall blockers.