First Android Malware Using Generative AI Discovered

- The malware's primary function is to deploy a Virtual Network Computing (VNC) module, which allows attackers to remotely view the screen and control the device. This enables them to capture screenshots, record screen activity, and gather device information. - PromptSpy uses Google's Gemini AI specifically to achieve persistence on an infected device. It sends a prompt to the AI along with an XML file of what's on the screen, and Gemini returns instructions on how to perform the specific gestures needed to "lock" the malicious app in the recent apps list, preventing it from being easily closed. - This marks the second instance of AI-powered malware discovered by ESET Research. The first was a ransomware strain named PromptLock, found in August 2025. - The malware also abuses Android's Accessibility Services to block users from uninstalling it. It places invisible overlays on the screen to intercept taps on buttons like "uninstall" or "force stop". - Based on language clues within the code and its distribution methods, the campaign is believed to be financially motivated and primarily targeting users in Argentina. However, it has not been widely detected, suggesting it may currently be a proof of concept. - PromptSpy is not distributed through the Google Play Store but via a dedicated website. Google Play Protect can block known versions of the malware. - To remove PromptSpy, users must reboot their device into Safe Mode. This disables third-party apps, allowing the malicious app to be uninstalled normally.