First Android Malware Using Generative AI Discovered

ESET researchers discovered the first known Android malware, named PromptSpy, that abuses generative AI to execute its functions. The malware uses prompts to Google's Gemini AI model to guide malicious UI manipulation, enabling it to capture lockscreen data and achieve persistence on a device. This marks the first time generative AI has been deployed in this manner for a mobile threat.

- The malware's primary function is to deploy a Virtual Network Computing (VNC) module, which grants attackers remote access to view the device's screen in real time and gain full control. This allows them to perform gestures, input text, and intercept data like lockscreen PINs.
- To understand the user interface, PromptSpy sends an XML dump of the current screen layout to the AI model. The AI then responds with precise JSON instructions, guiding the malware on where to tap or swipe to achieve its goal of pinning itself to the recent apps list for persistence.
- This AI-guided navigation makes the malware highly adaptable, allowing it to function across various Android devices, screen layouts, and OS versions, a significant advantage over traditional malware relying on hardcoded interaction scripts.
- The attack relies on abusing Android's Accessibility Services, a common tactic for mobile malware, to execute the AI-directed taps and gestures without user input and to prevent uninstallation by creating invisible overlays on the screen.
- ESET researchers note this is the second AI-powered malware they have discovered, following the "PromptLock" ransomware found in August 2025. Other threat actors use generative AI tools like WormGPT and DarkBard to create malicious scripts and phishing emails.
- The campaign is believed to be financially motivated and primarily targets users in Argentina through a dedicated website, not the official Google Play Store. Code analysis revealed Chinese language strings, suggesting the developer's origin.
- Although not yet widely detected, which may indicate it is a proof of concept, Android users are automatically protected from known versions by Google Play Protect. If infected, the only way to remove the malware is by rebooting the device into Safe Mode to uninstall the application.
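As an added defender-side triage check, not part of the ESET report or this briefing: because PromptSpy, like much Android malware, depends on an enabled Accessibility Service to drive taps and overlays, one quick check during incident triage is to compare the device's enabled accessibility services against a known-good allowlist. The script below parses the value that `adb shell settings get secure enabled_accessibility_services` returns (a colon-separated list of `package/ServiceClass` entries, where a class starting with `.` is relative to the package) and flags anything not on the allowlist. The sample setting string, the allowlist, and the `com.example.placeholder.app` package name are constructed for illustration and are not indicators from the page.

```python
"""Triage helper: flag unexpected Android accessibility services.

Added example, not code from the ESET report or this briefing. The input
format is the value of the Android secure setting
`enabled_accessibility_services`: a colon-separated list of
`<package>/<service class>` entries. The sample data and allowlist below are
constructed placeholders, not indicators of compromise.
"""
import subprocess
from typing import Iterable

# Constructed allowlist of packages expected to have an accessibility service
# enabled (for example a screen reader). Adjust to the fleet's baseline.
ALLOWLIST = {"com.google.android.marvin.talkback"}

# Constructed sample output. The second entry is a placeholder standing in for
# an unknown sideloaded app; it is not a real package from the report.
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.placeholder.app/.OverlayService"
)


def parse_enabled_services(value: str) -> list[tuple[str, str]]:
    """Split the setting value into (package, fully qualified class) pairs.

    Android accepts the short form `pkg/.Cls`, where the leading dot means the
    class is relative to the package. An empty or 'null' value means no
    accessibility service is enabled.
    """
    value = (value or "").strip()
    if not value or value == "null":
        return []
    pairs = []
    for entry in value.split(":"):
        entry = entry.strip()
        if not entry:
            continue
        pkg, _, cls = entry.partition("/")
        if cls.startswith("."):
            cls = pkg + cls
        pairs.append((pkg, cls))
    return pairs


def find_unexpected(value: str,
                    allowlist: Iterable[str] = ALLOWLIST) -> list[tuple[str, str]]:
    """Return the enabled services whose package is not on the allowlist."""
    allowed = set(allowlist)
    return [(pkg, cls) for pkg, cls in parse_enabled_services(value)
            if pkg not in allowed]


def read_device_setting() -> str:
    """Query a connected device over adb (needs adb on PATH and a device)."""
    out = subprocess.run(
        ["adb", "shell", "settings", "get", "secure",
         "enabled_accessibility_services"],
        capture_output=True, text=True, check=True,
    )
    return out.stdout.strip()


if __name__ == "__main__":
    # Runs against the constructed sample; swap in read_device_setting() to
    # check a real device.
    for pkg, cls in find_unexpected(SAMPLE_SETTING):
        print(f"unexpected accessibility service: {pkg} ({cls})")
```

A hit from this check is a lead, not a verdict: legitimate apps such as password managers and screen readers also register accessibility services, so the allowlist should reflect what the organisation actually deploys, and any unrecognised entry from a sideloaded package should be investigated in the same Safe Mode session used to uninstall it.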
