First AI-Powered Android Malware Discovered

Security firm ESET has discovered the first known Android malware to use generative AI during execution. Dubbed "PromptSpy," the threat abuses Google's Gemini model to direct its manipulation of the device's user interface, which lets it achieve persistence and capture lockscreen data. Offloading UI navigation decisions to a prompted AI model is a novel technique for mobile malware.

- The malware's primary function is to deploy a Virtual Network Computing (VNC) module that gives the attacker remote access to and control over the infected device's screen and functions.
- This is the second AI-assisted malware strain ESET has reported, following the "PromptLock" ransomware identified in August 2025.
- To achieve persistence, PromptSpy sends an XML dump of the device's current screen to the Gemini model, which returns step-by-step JSON instructions for navigating the UI to pin the malicious app in the "recent apps" list.
- The campaign is believed to be financially motivated and has primarily targeted Android users in Argentina through phishing websites impersonating the Morgan Argentina bank brand.
- Beyond its AI-driven persistence, the malware can block uninstallation attempts with invisible overlays, capture lockscreen data, and record screen activity.
- According to ESET researcher Lukáš Štefanko, who discovered the threat, PromptSpy has not yet appeared in ESET's telemetry, suggesting it may currently be a proof of concept.
- Google Play Protect, enabled by default on Android devices with Google Play Services, automatically blocks known versions of this malware.
- To remove PromptSpy manually, reboot the infected device into Safe Mode, which disables third-party apps and allows the malware to be uninstalled.
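The screen-dump-to-JSON-steps loop described above, as an added illustration that is not PromptSpy's code and not taken from ESET's report: it parses a constructed uiautomator-style XML hierarchy dump of Android's Recents screen, resolves a constructed JSON step list of the kind a model might return into the tap coordinates an accessibility-driven executor would need, refuses to guess when the model names a control that is not on screen, and applies a defensive heuristic that flags any plan tapping a System UI control labelled Pin or Lock. The JSON step schema, the sample screen, the app name "Updater" and the Pin/Lock label list are all assumptions.

```python
import json
import re
import xml.etree.ElementTree as ET

# Constructed sample: a uiautomator-style hierarchy dump of an Android Recents screen
# showing one task card for a hypothetical app called "Updater" and the "Pin" menu option.
SCREEN_XML = """<?xml version='1.0' encoding='UTF-8' standalone='yes' ?>
<hierarchy rotation="0">
  <node index="0" text="" resource-id="com.android.systemui:id/recents_view" class="android.widget.FrameLayout" package="com.android.systemui" content-desc="" clickable="false" bounds="[0,0][1080,2340]">
    <node index="0" text="" resource-id="com.android.systemui:id/task_view" class="android.view.ViewGroup" package="com.android.systemui" content-desc="Updater" clickable="true" bounds="[120,400][960,1800]">
      <node index="0" text="Updater" resource-id="com.android.systemui:id/icon" class="android.widget.ImageView" package="com.android.systemui" content-desc="Updater" clickable="true" bounds="[480,420][600,540]"/>
    </node>
    <node index="1" text="Pin" resource-id="com.android.systemui:id/menu_option" class="android.widget.TextView" package="com.android.systemui" content-desc="Pin" clickable="true" bounds="[420,700][660,780]"/>
  </node>
</hierarchy>
"""

# Constructed sample of a model-returned step list. The schema (action + attribute-based
# target) is an assumption, not PromptSpy's actual format.
PLAN_JSON = """[
  {"action": "tap", "target": {"content-desc": "Updater"}},
  {"action": "tap", "target": {"text": "Pin"}}
]"""

BOUNDS_RE = re.compile(r"\[(\d+),(\d+)\]\[(\d+),(\d+)\]")
# Labels Android's Recents uses for screen pinning; assumed list for the heuristic.
PIN_WORDS = {"pin", "lock"}


def parse_bounds(bounds):
    """'[x1,y1][x2,y2]' as written in uiautomator dumps -> (x1, y1, x2, y2)."""
    m = BOUNDS_RE.fullmatch(bounds)
    if not m:
        raise ValueError(f"bad bounds: {bounds!r}")
    return tuple(int(v) for v in m.groups())


def center(bounds):
    """Tap point for a node: the centre of its bounds."""
    x1, y1, x2, y2 = parse_bounds(bounds)
    return (x1 + x2) // 2, (y1 + y2) // 2


def find_node(root, target):
    """First <node> (document order) whose attributes contain every key/value in target."""
    for node in root.iter("node"):
        if all(node.get(k) == v for k, v in target.items()):
            return node
    return None


def resolve_plan(xml_text, plan_json):
    """Turn model-returned steps into concrete tap coordinates against the current screen.

    A step whose target is missing, empty, or not present in the dump (the model naming a
    control that is not on screen) is kept but marked unresolved rather than guessed.
    """
    root = ET.fromstring(xml_text)
    resolved = []
    for step in json.loads(plan_json):
        target = step.get("target") or {}
        node = find_node(root, target) if target else None
        if node is None:
            resolved.append({"action": step["action"], "target": target, "resolved": False})
            continue
        resolved.append({
            "action": step["action"],
            "target": target,
            "resolved": True,
            "package": node.get("package"),
            "label": node.get("text") or node.get("content-desc"),
            "xy": center(node.get("bounds")),
        })
    return resolved


def pin_indicator(resolved):
    """Defensive heuristic: a plan tapping a System UI control labelled Pin/Lock is
    attempting screen pinning, the persistence trick the article describes."""
    return any(
        s["resolved"]
        and s["package"] == "com.android.systemui"
        and (s["label"] or "").strip().lower() in PIN_WORDS
        for s in resolved
    )


if __name__ == "__main__":
    steps = resolve_plan(SCREEN_XML, PLAN_JSON)
    for s in steps:
        print(s)
    print("pin attempt:", pin_indicator(steps))
```

The point of resolving targets against the dump rather than trusting coordinates from the model is the same for attacker and defender: the screen can change between the dump and the action, so an executor either re-resolves or fails. A monitoring accessibility service or an emulator harness can run the same `pin_indicator` check over observed action sequences to surface the persistence step.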

Shared from Scout.