First Android Malware Using Generative AI Discovered
Security firm ESET has discovered the first known Android malware that uses generative AI in its execution. Named PromptSpy, the threat abuses Google’s Gemini AI model to guide malicious user interface manipulations. This novel technique allows the malware to capture lockscreen data and achieve persistence on infected devices.
- The malware's primary function is to deploy a Virtual Network Computing (VNC) module, which gives attackers remote access to view the device's screen and perform actions.
- PromptSpy uses Google's Gemini by sending it an XML dump of the device's screen; the AI then returns precise JSON instructions for gestures like taps and swipes to navigate the user interface of any Android version or layout.
- This is the second AI-assisted malware discovered by ESET, following the AI-driven ransomware "PromptLock" found in August 2025.
- The generative AI component is specifically used to achieve persistence by "locking" the malicious app in the recent apps list, which prevents it from being easily closed.
- To execute its functions, including the AI-guided taps and blocking its own uninstallation, the malware requires the user to grant it powerful Accessibility Services permissions, a common tactic for advanced Android trojans.
- Based on language localization and the malware's name, "MorganArg," which appears to impersonate Morgan Chase bank, the campaign seems to be financially motivated and targeted at users in Argentina.
- Google's Threat Intelligence Group has also reported state-sponsored actors from Russia, North Korea, and Iran using LLMs like Gemini to accelerate their operations for reconnaissance and scripting.
- Because PromptSpy has not yet been observed in ESET's telemetry, researchers believe it may currently be a proof of concept rather than a widely distributed threat.