First AI-Abusing Android Malware 'PromptSpy' Discovered

- The malware's primary function is to deploy a Virtual Network Computing (VNC) module, giving attackers remote access to view the device's screen and perform actions. Other capabilities include capturing lockscreen PINs, passwords, and patterns, as well as recording screen activity. - To achieve persistence, PromptSpy sends an XML dump of the current screen to Google's Gemini AI with a natural language prompt. The AI then returns JSON instructions telling the malware where to tap or swipe to "lock" the malicious app in the recent apps list, preventing it from being easily closed. - PromptSpy also abuses Android's Accessibility Services to prevent its removal. It places invisible overlays on top of buttons like "Uninstall" or "Force Stop," which intercept user taps and block the action. - The malware is believed to be an advanced version of a previously unknown Android threat called VNCSpy. Analysis by ESET researcher Lukáš Štefanko suggests the campaign is financially motivated and primarily targets users in Argentina, with the malware masquerading as an app for the Morgan Chase bank called "MorganArg". - This is the second AI-powered malware discovered by ESET Research, following the AI-driven ransomware "PromptLock" found in August 2025. - While not observed on Google Play, the malware was distributed through dedicated phishing websites. Users with Google Play Services are protected by Google Play Protect, which blocks known versions of this malware. To remove the malware, users must reboot their device into Safe Mode.