ESET Discovers 'PromptSpy' Android Malware
ESET researchers discovered PromptSpy, the first known Android malware to call a generative AI model during execution in order to achieve persistence. The malware abuses Google's Gemini model to guide its manipulation of the device's user interface. According to the report, PromptSpy can capture lockscreen data and block attempts to uninstall it.
- The malware's core payload is a Virtual Network Computing (VNC) module that gives the operators remote screen viewing and full control of the compromised Android device. It relies on Android's Accessibility Services, which the victim is prompted (and tricked) into enabling.
- For persistence, PromptSpy sends an XML dump of the current screen's UI elements to Google's Gemini model. Gemini returns step-by-step JSON instructions telling the malware where to tap or swipe so that it can "lock" itself in the recent-apps list, which keeps it from being easily swiped away.
- Samples of PromptSpy uploaded to VirusTotal originated from Hong Kong and Argentina. The campaign primarily targets users in Argentina through a dedicated website impersonating the Morgan Chase bank. The malware has not been found on the Google Play Store.
- To block uninstallation, the malware uses its Accessibility Service privileges to place invisible overlays on top of buttons such as "Uninstall" and "Force Stop", intercepting the user's taps so the app cannot be removed through the normal Settings flow. The only effective removal method identified is rebooting the device into Safe Mode, where third-party apps, and with them the overlays, are not loaded.
- Other malware has used machine learning before (for example, the Android.Phantom trojan, which used TensorFlow), but PromptSpy is considered the first known instance of Android malware using a *generative* AI model as part of its active execution flow.
- ESET assesses with medium confidence that the malware was developed in a Chinese-speaking environment, based on debug strings and code elements written in simplified Chinese.
- Through the VNC module and Accessibility Services, the malware can intercept lockscreen PINs, record pattern-unlock screens as video, and exfiltrate the list of installed applications.
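The overlay-blocking technique described above (an invisible, clickable view parked over the "Uninstall" and "Force stop" buttons in Settings) leaves a trace in the UI hierarchy that an analyst can check for. The Python example below is added here as an illustration; it is not ESET's code nor a PromptSpy artifact. It assumes a uiautomator-style `<node ...>` dump in which overlay windows are included and later nodes in document order are drawn above earlier ones, and the package name `com.example.suspect` and the sample dump are constructed for this example.

```python
"""Flag third-party views that fully cover Settings' Uninstall / Force stop buttons
in an Android UI hierarchy dump (uiautomator "node" format)."""
import re
import xml.etree.ElementTree as ET

# bounds look like "[x1,y1][x2,y2]" in uiautomator dumps
BOUNDS_RE = re.compile(r"\[(-?\d+),(-?\d+)\]\[(-?\d+),(-?\d+)\]")

# Buttons in the App info screen that a self-protecting app wants to shield.
TARGET_LABELS = {"uninstall", "force stop"}

# Constructed sample dump (not a real capture). The last top-level node is a
# clickable, text-less view from a hypothetical package that sits on top of
# both action buttons, which is the shape of the overlay trick described above.
SAMPLE_DUMP = """<hierarchy rotation="0">
  <node index="0" text="" resource-id="" class="android.widget.FrameLayout"
        package="com.android.settings" bounds="[0,0][1080,2280]" clickable="false">
    <node index="0" text="App info" resource-id="" class="android.widget.TextView"
          package="com.android.settings" bounds="[0,100][1080,200]" clickable="false"/>
    <node index="1" text="Uninstall" resource-id="com.android.settings:id/button1"
          class="android.widget.Button" package="com.android.settings"
          bounds="[60,1800][520,1920]" clickable="true"/>
    <node index="2" text="Force stop" resource-id="com.android.settings:id/button2"
          class="android.widget.Button" package="com.android.settings"
          bounds="[560,1800][1020,1920]" clickable="true"/>
  </node>
  <node index="1" text="" resource-id="" class="android.view.View"
        package="com.example.suspect" bounds="[0,1780][1080,1940]" clickable="true"/>
</hierarchy>
"""


def parse_bounds(value):
    """Turn "[x1,y1][x2,y2]" into an (x1, y1, x2, y2) tuple of ints."""
    match = BOUNDS_RE.fullmatch(value.strip())
    if match is None:
        raise ValueError(f"unrecognised bounds attribute: {value!r}")
    return tuple(int(v) for v in match.groups())


def covers(outer, inner):
    """True when rectangle `outer` fully contains rectangle `inner`."""
    return (outer[0] <= inner[0] and outer[1] <= inner[1]
            and outer[2] >= inner[2] and outer[3] >= inner[3])


def find_blocking_overlays(dump_xml, settings_pkg="com.android.settings"):
    """Return one finding per (target button, covering foreign view) pair.

    A finding means a clickable view owned by a package other than Settings,
    drawn later (assumed: on top) in the hierarchy, fully covers a clickable
    Settings button labelled Uninstall or Force stop.
    """
    root = ET.fromstring(dump_xml)
    nodes = list(root.iter("node"))          # document order == assumed z-order
    findings = []
    for t_index, target in enumerate(nodes):
        if target.get("package") != settings_pkg:
            continue
        if target.get("clickable") != "true":
            continue
        if target.get("text", "").strip().lower() not in TARGET_LABELS:
            continue
        target_box = parse_bounds(target.get("bounds", ""))
        for o_index, other in enumerate(nodes):
            if o_index <= t_index:           # only views drawn after the button
                continue
            if other.get("package") in (None, settings_pkg):
                continue
            if other.get("clickable") != "true":
                continue
            if covers(parse_bounds(other.get("bounds", "")), target_box):
                findings.append({
                    "button": target.get("text"),
                    "button_bounds": target.get("bounds"),
                    "overlay_package": other.get("package"),
                    "overlay_class": other.get("class"),
                    "overlay_bounds": other.get("bounds"),
                })
    return findings


if __name__ == "__main__":
    for finding in find_blocking_overlays(SAMPLE_DUMP):
        print(f"{finding['button']!r} at {finding['button_bounds']} is covered by "
              f"{finding['overlay_package']} ({finding['overlay_class']}) "
              f"at {finding['overlay_bounds']}")
```

A hierarchy can be pulled from a test device with `adb shell uiautomator dump /sdcard/ui.xml`; note that this dumps the active window, so a separate overlay window may only show up in a capture taken through an accessibility service that walks all windows. Empty text, a generic `android.view.View` class and a foreign package on a node that exactly brackets both buttons are the details to look at by hand once the script points at them.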