Android Malware 'PromptSpy' Uses GenAI

ESET researchers have discovered PromptSpy, the first known Android malware to abuse generative AI in its execution flow. The malware uses prompts to Google's Gemini model to guide malicious user interface manipulation to achieve persistence on a device. The malware is capable of capturing lockscreen data and blocking uninstallation attempts.

- The primary function of PromptSpy is to deploy a Virtual Network Computing (VNC) module, which grants attackers remote access to view and control the victim's device. Its capabilities include capturing screenshots, recording screen activity as video, and intercepting lockscreen PINs or passwords.
- PromptSpy's use of generative AI is specifically for persistence: it uses Google's Gemini to interpret the device's user interface and provide instructions on how to "lock" or "pin" the malicious app in the recent apps list, making it less likely to be terminated by the system. This allows the malware to adapt to various device layouts and Android versions, expanding the potential pool of victims.
- This is the second AI-powered malware discovered by ESET Research, following the AI-driven ransomware "PromptLock" in August 2025. PromptSpy is considered an advanced version of a malware named "VNCSpy," which first appeared on VirusTotal in January 2026 with samples uploaded from Hong Kong.
- Based on language localization clues and distribution vectors, the campaign appears to be financially motivated and primarily targets users in Argentina. Evidence also suggests the malware was developed in a Chinese-speaking environment.
- The malware is distributed through a dedicated website and has not been available on the Google Play Store. As a partner in the App Defense Alliance, ESET shared its findings with Google, and Google Play Protect automatically protects Android users against known versions of this malware.
- To remove PromptSpy, a user must reboot their device into Safe Mode, which disables third-party apps and allows for uninstallation without interference from the malware's overlays. In normal operating mode, the malware uses invisible overlays to block uninstallation attempts.
