First Android Malware Using Generative AI Discovered

Cybersecurity firm ESET has discovered the first known Android malware that uses generative AI in its execution. Named PromptSpy, the threat abuses Google's Gemini AI model to guide malicious user interface manipulation. The malware is reportedly capable of capturing lockscreen data and blocking uninstallation attempts.

- The malware's primary function is to deploy a Virtual Network Computing (VNC) module, which gives attackers remote access to view the device's screen and perform actions. Its other capabilities include capturing lockscreen PINs, passwords, and patterns, as well as recording screen activity.
- PromptSpy uses Gemini by sending it an XML dump of the current screen; the AI then returns JSON-formatted instructions telling the malware where to tap or swipe to "pin" itself to the recent apps list, preventing easy termination. This makes the persistence technique adaptable across different Android devices and layouts, overcoming a limitation of malware that relies on hardcoded interactions.
- To prevent removal, the malware places invisible overlays over user interface buttons like "Uninstall" or "Force Stop," intercepting the user's taps. The only way for a user to remove the malware is to reboot the device into Safe Mode, which disables third-party apps.
- This is the second AI-assisted malware strain discovered by ESET, following "PromptLock," which was identified as the first AI-driven ransomware in August 2025.
- Analysis of the malware samples suggests a financially motivated campaign that appears to primarily target users in Argentina. The malware was distributed via a website impersonating the Morgan Chase bank, with the app name "MorganArg".
- While samples were uploaded to VirusTotal from Argentina, debug strings in the code are in Simplified Chinese, suggesting the developers may be from a Chinese-speaking environment.
- Google has previously reported that government-backed hacking groups from China, Iran, and North Korea are using Gemini for various cyberattack tasks, including malware creation, vulnerability research, and developing phishing content.
- Although PromptSpy has not been widely detected in ESET's telemetry, suggesting it might be a proof-of-concept, dedicated distribution domains were found, indicating it may have been used in targeted attacks.
