First GenAI-Powered Android Malware Found
ESET researchers have discovered "PromptSpy," the first known Android malware to use generative AI in its execution. The malware abuses Google's Gemini AI model to guide malicious UI manipulation, enabling it to capture lockscreen data and block uninstallation. This marks the first time generative AI has been observed being deployed in this manner for persistence.
- The malware's primary function is to deploy a Virtual Network Computing (VNC) module, giving attackers remote control to see the screen and perform actions on the compromised device.
- PromptSpy uses Google's Gemini to overcome UI variations across different Android devices and versions, a common hurdle for malware that relies on hardcoded screen interactions.
- To prevent removal, the malware creates invisible overlays on the screen that block the user from tapping the "uninstall" or "force stop" buttons; the only way to remove it is to reboot the device into Safe Mode.
- This is the second AI-powered malware discovered by ESET researchers, following "PromptLock" in August 2025, which was identified as the first AI-driven ransomware.
- The malware was distributed through a website impersonating JPMorgan Chase Bank with Spanish-language content, suggesting it primarily targets users in Argentina.
- The malware has not yet appeared in ESET's telemetry, which suggests it could be a proof of concept, but the existence of a dedicated distribution domain points to a possible active campaign.
- Debug strings in the code written in Simplified Chinese suggest the malware may have been developed in a Chinese-speaking environment.
- Google Play Protect automatically shields Android users from known versions of this malware, which has never been available on the official Google Play store.