ESET Discovers 'PromptSpy' Malware Using Generative AI
Researchers at security firm ESET have discovered the first known Android malware, named PromptSpy, that uses generative AI in its execution. The malware abuses Google's Gemini model to guide malicious UI manipulation, capture lockscreen data, and achieve persistence on infected devices. This marks a new development in how threat actors are deploying generative AI.
- The malware's primary function is to deploy a Virtual Network Computing (VNC) module, which allows attackers to remotely view and control the infected Android device.
- PromptSpy uses Google's Gemini model to dynamically overcome UI variations across different Android devices and OS versions, a significant advancement from traditional malware that relies on hardcoded interactions. It sends an XML dump of the screen's UI elements to Gemini, which then returns JSON instructions for the malware to execute gestures like tapping or swiping to "lock" itself in the recent apps list for persistence.
- Beyond its use of AI for persistence, PromptSpy abuses Android's Accessibility Services to perform a range of malicious actions, including capturing lockscreen PINs and patterns, recording screen activity, taking screenshots, and blocking uninstallation attempts with invisible overlays.
- This is the second AI-powered malware discovered by ESET Research, following the "PromptLock" ransomware found in August 2025.
- Evidence such as debug strings written in simplified Chinese suggests the malware was created by Chinese-speaking developers. It is considered an advanced version of a previously identified malware named VNCSpy.
- The malware is distributed through a dedicated website and has not been found on the Google Play Store. Language localization clues indicate the campaign is financially motivated and primarily targets users in Argentina.
- Google Play Protect automatically shields Android users from known versions of this malware. To manually remove PromptSpy, a user must reboot the device into Safe Mode, which disables third-party apps and allows for uninstallation.
- While not yet detected in ESET's telemetry, suggesting it might be a proof of concept, the discovery points to a new trend where attackers use AI to make malware more adaptive and resilient.
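The indicator combination the article describes (an accessibility service, an overlay permission, egress to the Gemini API, and installation from outside Google Play) turned into a defender-side triage heuristic. This is an added example, not ESET's code or the malware's: the Android permission names, the Play Store installer package and the Gemini API host are real identifiers, while the app inventory, scoring and threshold are constructed assumptions.

```python
"""Triage heuristic for the PromptSpy-style indicator pattern.

Constructed example: an inventory of installed apps (permissions, installer,
observed egress hosts) is scored against the indicators the article lists.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
PLAY_STORE_INSTALLER = "com.android.vending"
# Assumption: the public Gemini API endpoint. Legitimate apps use it too,
# so this host is only a weak signal on its own and is scored as one of four.
LLM_API_HOSTS = {"generativelanguage.googleapis.com"}


@dataclass
class AppRecord:
    package: str
    installer: Optional[str]                # None = sideloaded / unknown source
    permissions: Set[str] = field(default_factory=set)
    egress_hosts: Set[str] = field(default_factory=set)


def triage(app: AppRecord) -> Tuple[int, List[str]]:
    """Return (score, reasons); one point per matching indicator."""
    reasons = []
    if ACCESSIBILITY in app.permissions:
        reasons.append("accessibility service (UI control, PIN/pattern capture)")
    if OVERLAY in app.permissions:
        reasons.append("overlay permission (can hide uninstall prompts)")
    if app.egress_hosts & LLM_API_HOSTS:
        reasons.append("egress to an LLM API endpoint")
    if app.installer != PLAY_STORE_INSTALLER:
        reasons.append("not installed from Google Play")
    return len(reasons), reasons


def suspicious_apps(inventory: List[AppRecord], threshold: int = 3) -> List[str]:
    """Packages whose indicator score reaches the threshold, for manual review."""
    return sorted(a.package for a in inventory if triage(a)[0] >= threshold)


# Constructed inventory: a Play-installed bank app, a Play-installed screen
# reader that legitimately holds the accessibility permission, and a sideloaded
# app that matches every indicator the article describes.
SAMPLE_INVENTORY = [
    AppRecord("com.example.bank", PLAY_STORE_INSTALLER,
              {"android.permission.INTERNET"}, {"api.bank.example"}),
    AppRecord("com.example.screenreader", PLAY_STORE_INSTALLER, {ACCESSIBILITY}),
    AppRecord("com.example.sideloaded", None,
              {ACCESSIBILITY, OVERLAY, "android.permission.INTERNET"},
              {"generativelanguage.googleapis.com", "c2.example"}),
]
```

A real screen reader scores one point here, which is why the threshold sits at three: the article's point is the combination of indicators, not any single one.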