First Android Malware Using Generative AI Discovered

- PromptSpy's primary function is to deploy a Virtual Network Computing (VNC) module, giving attackers the ability to remotely view an infected device's screen and take full control. This allows for a range of malicious activities, including intercepting lockscreen PINs, recording unlock patterns, and taking screenshots. - The malware sends a natural language prompt and an XML file of the on-screen UI elements to the Gemini AI. Gemini then provides JSON-based instructions telling the malware where to tap or swipe to "lock" the malicious app in the recent apps list, a method that helps it survive device reboots. - While PromptSpy is the first Android malware to use *generative AI*, other malware has previously utilized *machine learning*. For example, the Android.Phantom malware used TensorFlow models to analyze advertisement screenshots for automated ad fraud. - To prevent its removal, PromptSpy abuses Android's Accessibility Services to create invisible overlays on top of buttons containing words like "Uninstall" or "stop". This tactic intercepts user taps, making it difficult to disable the malware through standard menus. - The only effective way for a user to remove PromptSpy is to reboot the device into Safe Mode, which disables third-party apps. From there, the user can navigate to the app settings and uninstall the malicious application, named "MorganArg," without interference. - ESET researchers, who discovered the malware, assess with medium confidence that PromptSpy was created by Chinese developers, based on Simplified Chinese elements in the code. The distribution campaign appears to be financially motivated and primarily targets users in Argentina by impersonating the Morgan Chase bank. - The malware was not found on the official Google Play Store but was distributed through a dedicated website. As of its discovery, ESET had not observed active infections, suggesting it might be a proof-of-concept.