First Android Malware Using Gen-AI Discovered
ESET researchers have discovered PromptSpy, the first known Android malware that uses generative AI in its execution. The malware abuses Google's Gemini model to guide malicious UI manipulation, allowing it to achieve persistence on a device. This represents a novel attack vector where AI prompting is used to orchestrate the malware's behavior, including capturing lockscreen data.
- While PromptSpy is the first Android malware to use generative AI for in-execution guidance, it is the second AI-powered malware discovered by ESET Research, following the AI-driven ransomware PromptLock in August 2025.
- The malware's primary function is to install a Virtual Network Computing (VNC) module, giving attackers remote access to the infected device. It also uses Accessibility Services to block uninstallation attempts with invisible overlays and can record screen activity.
- PromptSpy sends an XML dump of the device's current screen to the Gemini model, which then returns JSON instructions for the malware to perform taps and other gestures needed to keep the app pinned in the recent apps list. This makes the malware adaptable to various Android versions and device layouts.
- The campaign is believed to be financially motivated and primarily targets users in Argentina through a phishing site impersonating the Morgan Chase bank. The malicious app is named "MorganArg," likely a shortened version of "Morgan Argentina."
- Although not yet detected in ESET's telemetry, suggesting it might be a proof of concept, versions of PromptSpy were uploaded to VirusTotal from Argentina in January 2026.
- The number of detected Android threats grew by nearly 50% in 2025, with Trojan bankers showing almost a fourfold increase in attacks globally.
- To remove PromptSpy, a user must reboot their device into Safe Mode, which disables third-party apps and allows for normal uninstallation.
- Google Play Protect automatically shields Android users from known versions of this malware; however, PromptSpy was never available on the Google Play store and is distributed via dedicated websites.