First Android Malware Using Gen AI Discovered
Cybersecurity firm ESET discovered the first known Android malware to use generative AI in its attack sequence. Dubbed "PromptSpy," the threat abuses Google's Gemini AI model to guide malicious on-screen actions, helping it capture lockscreen data and maintain persistence on an infected device.
- The malware's primary function is to deploy a Virtual Network Computing (VNC) module, giving attackers remote access to view an infected device's screen and perform actions in real time. Other capabilities include intercepting lockscreen PINs, recording the pattern unlock as a video, and blocking uninstallation attempts with invisible overlays.
- PromptSpy uses Gemini to overcome the variety of user interfaces across different Android devices and versions. It sends an XML dump of the current screen to the AI, which then returns precise JSON instructions for the malware to perform gestures, like taps and swipes, to "lock" the malicious app in the recent apps list.
- This is the second known instance of AI-powered malware discovered by ESET Research, following the AI-driven ransomware "PromptLock" found in August 2025. While other malware has used machine learning, PromptSpy is the first known Android threat to use generative AI in its active execution flow.
- Evidence suggests the malware campaign is financially motivated and primarily targets users in Argentina, with samples uploaded to VirusTotal from that country. The malicious app, named "MorganArg," impersonates the Chase Bank brand.
- The malware was not found on the Google Play Store but was distributed through a dedicated website. Google Play Protect, which is on by default for Android users with Google Play Services, automatically protects against known versions of this threat.
- Based on Simplified Chinese elements in the code and other localization clues, researchers at ESET believe with medium confidence that PromptSpy was created in a Chinese-speaking environment.