First Generative AI-Powered Android Malware
ESET researchers have discovered "PromptSpy," the first known Android malware that uses generative AI in its execution. The threat abuses Google’s Gemini AI model to guide malicious user interface manipulation, allowing it to capture lockscreen data and block uninstallation. This marks the first time generative AI has been deployed in this manner for malware persistence.
- Before "PromptSpy", ESET discovered the first AI-powered ransomware, "PromptLock," in August 2025; this earlier malware uses a locally run AI model to dynamically generate malicious Lua scripts for data exfiltration and encryption on Windows and Linux systems.
- The malware's primary function, beyond its novel persistence method, is to deploy a Virtual Network Computing (VNC) module, which grants attackers remote control over the infected device's screen and functions.
- Analysis of the malware, including language localization clues, suggests it was developed by Chinese speakers for financially motivated campaigns primarily targeting Android users in Argentina.
- Traditional Android malware often achieves persistence by abusing Accessibility Services to prevent uninstallation, modifying system files to run at boot, or using fileless techniques that hide malicious code in the device's memory.
- While PromptSpy uses generative AI for persistence, it also employs conventional tactics, such as abusing Android's Accessibility Services to create invisible overlays that block manual uninstallation attempts by the user.
- According to ESET researcher Lukáš Štefanko, who discovered the threat, using generative AI allows the malware to adapt its UI manipulation to a wide variety of Android devices, layouts, and OS versions, significantly expanding the potential pool of victims.
- Google's Threat Intelligence Group has previously reported on other experimental malware, such as "PromptFlux," which also uses the Gemini API to obfuscate its code and evade detection, indicating a trend of attackers experimenting with AI for malicious purposes.
- In response to the discovery, Google has stated that Android users with Google Play Services are automatically protected via Google Play Protect, which blocks known versions of this malware; ESET confirmed PromptSpy was never available on the Google Play Store.