Researchers Discover First Android Malware Using GenAI
ESET researchers have discovered "PromptSpy," the first known Android malware that uses generative AI in its execution. The malware abuses AI models like Google's Gemini to guide malicious user interface manipulation, allowing it to capture lockscreen data and block uninstallation. This marks a new method for deploying malware on mobile devices.
- The malware's primary function is to deploy a Virtual Network Computing (VNC) module, which allows attackers to remotely view the infected device's screen and perform actions. This is supplemented by capabilities to record screen activity, capture lockscreen data, and take screenshots.
- While the use of generative AI is a key feature, it is specifically employed for a secondary purpose: achieving persistence. PromptSpy uses Google's Gemini to analyze the user interface and provide instructions on how to pin the malicious app to the recent apps list, making it harder for users or the system to terminate it.
- PromptSpy also uses traditional malware techniques, such as abusing Android's Accessibility Services to execute the AI-guided taps and swipes, and to block uninstallation attempts by placing invisible overlays on the screen.
- This is the second AI-powered malware discovered by ESET Research, following a ransomware variant named PromptLock, which was identified in August 2025.
- Based on language clues in the code and observed distribution methods, the campaign is believed to be financially motivated and primarily targeting Android users in Argentina. Samples of the malware were first uploaded to VirusTotal from Hong Kong, with more advanced versions later uploaded from Argentina.
- The malware, which appears to be an advanced version of a previously known family called VNCSpy, is distributed via a dedicated website and has not been found on the official Google Play Store. Google Play Protect does, however, automatically protect users from known versions of this threat.
- ESET researchers have attributed the malware's development to a Chinese-speaking environment with medium confidence, though it has not been linked to a specific threat actor.
- Although it is a fully functional piece of malware, ESET has not yet observed active infections in its telemetry, suggesting that PromptSpy may currently be a proof of concept.