First Android Malware Using Generative AI Discovered

ESET researchers have discovered "PromptSpy," the first known Android malware to use generative AI in its execution. The threat abuses Google’s Gemini AI model to guide malicious UI manipulation, enabling it to achieve persistence and capture lockscreen data.

- The malware's primary innovation is using generative AI to overcome Android UI fragmentation. Instead of relying on hardcoded screen coordinates, which fail across different device models and OS versions, PromptSpy sends an XML dump of the current screen to the Gemini model, which then returns precise, step-by-step instructions for the malware to execute gestures and achieve persistence.
- While the AI is only used for the persistence mechanism, the main payload is a Virtual Network Computing (VNC) module. This gives attackers remote access to the device's screen, allowing them to perform actions, capture lockscreen data, take screenshots, and record screen activity.
- This is the second AI-powered malware discovered by ESET Research, following their discovery of "PromptLock" ransomware in August 2025. While other malware has used machine learning for tasks like ad fraud, PromptSpy is the first known instance of generative AI being used for dynamic, context-aware UI manipulation in a live attack flow.
- The malware communicates with its command-and-control (C&C) server using the VNC protocol, with all communications being AES-encrypted. The malware can receive a Gemini API key from the C&C server, upload the list of installed apps, and intercept lockscreen PINs or passwords.
- Based on language clues and distribution vectors, the campaign appears to be financially motivated and primarily targets users in Argentina, with the malicious app impersonating the Morgan Chase bank under the name "MorganArg".
- Currently, PromptSpy has not been detected in ESET's telemetry, leading researchers to believe it may be a proof of concept. The samples analyzed were uploaded to VirusTotal from Argentina on February 10th, 2026, and are considered an advanced version of a previous malware called VNCSpy.
- To remove the malware, a user must reboot the device into Safe Mode. This is because PromptSpy uses the Accessibility Services to create invisible overlays on the screen that block uninstallation attempts in the standard operating mode.

Shared from Scout.