Malware Uses Generative AI to Attack Android
ESET researchers have discovered "PromptSpy," the first known Android malware to use generative AI in its execution. The malware abuses AI models, specifically Google's Gemini, by using prompts to guide malicious manipulation of the user interface. This technique allows the malware to achieve persistence on the device and capture sensitive data, such as lockscreen information.
- The core of PromptSpy's functionality is not its use of AI, but a built-in Virtual Network Computing (VNC) module that gives attackers remote access to an infected device. This allows them to see the screen in real-time and perform actions as if they were physically holding the device. - The malware abuses Android's Accessibility Services to execute the instructions it receives from the Gemini AI. This allows it to perform gestures like taps and swipes without any user interaction to achieve its goal of remaining pinned in the recent apps list. - PromptSpy sends a natural language prompt and an XML file containing details of the on-screen UI elements to Google's Gemini. Gemini then returns JSON-formatted instructions, telling the malware where to tap or swipe to "lock" the app in the recent apps list, making it resistant to being closed. - To prevent its removal, PromptSpy overlays transparent rectangles over on-screen buttons like "Uninstall" or "Force Stop". These invisible overlays intercept user taps, making it necessary to reboot the device into Safe Mode to remove the malicious app. - While PromptSpy is the first Android malware to use generative AI in its execution, a previous ransomware found by ESET in 2025, named PromptLock, also utilized AI. Samples of PromptSpy were first uploaded to VirusTotal from Argentina in February 2026. - For the insurance sector, the rise of AI-powered threats like PromptSpy complicates cyber risk modeling. Actuaries face challenges in quantifying these dynamic and rapidly evolving risks due to a lack of historical data, which is a departure from traditional actuarial models that rely on stable risk patterns. - From an engineering leadership perspective, mitigating AI-related security risks requires a proactive approach. This includes implementing secure AI development practices, regularly auditing AI models for security weaknesses, and fostering a culture of collaboration between development and security teams. - For product managers in consumer-facing industries, the integration of AI necessitates a strong focus on security and privacy. It is crucial to implement safeguards, such as rigorous testing and regular audits, to prevent AI systems from being exploited or inadvertently exposing sensitive user data.
