Malware Uses GenAI for Attacks

- The malware's primary function is to deploy a Virtual Network Computing (VNC) module, which gives attackers the ability to remotely view and control the infected device's screen. - To achieve persistence, PromptSpy sends an XML dump of the device's current screen to the Gemini model, which then returns JSON-formatted instructions on where to tap to "lock" the app in the recent apps list, preventing it from being easily closed. - This AI-guided approach makes the malware highly adaptable, as it can navigate user interfaces across various devices, screen layouts, and OS versions, unlike malware that relies on hardcoded coordinates. - In addition to its AI-driven persistence, PromptSpy abuses Android's Accessibility Services to capture lockscreen PINs, passwords, and pattern unlocks, as well as record screen activity. - Analysis of the malware suggests a financially motivated campaign targeting users primarily in Argentina, with the malicious app impersonating the Morgan Chase banking brand. - While this is the first Android malware known to use generative AI for its execution, ESET previously identified an AI-driven ransomware called PromptLock in August 2025. - Researchers have not yet observed PromptSpy in broad telemetry, leading to the assessment that it may currently be a proof of concept rather than a widespread in-the-wild threat. - Due to its use of invisible overlays to block removal, the only way for a user to uninstall PromptSpy is by rebooting the device into "Safe Mode," which disables third-party apps.