First Android Malware Using Generative AI Discovered

ESET researchers have discovered the first known Android malware to use generative AI in its execution. Named PromptSpy, the threat abuses Google's Gemini AI model to guide malicious UI manipulation. The malware can reportedly capture lockscreen data and block uninstallation attempts.

- The malware, dubbed PromptSpy, sends a natural-language prompt together with an XML dump of the device's current screen layout to Gemini. Gemini returns JSON-formatted instructions telling the malware where to tap or swipe so that it can "lock" itself in the recent-apps list, which makes it resistant to being closed.
- This is the second AI-powered malware family identified by ESET Research; the first was the AI-driven ransomware PromptLock, found in August 2025. PromptSpy is the first known Android malware to use generative AI during execution.
- PromptSpy's primary goal is to deploy a Virtual Network Computing (VNC) module that gives attackers remote access to view the screen and control the device. With it they can record screen activity, capture the lockscreen PIN, and take screenshots.
- Analysis of the malware's distribution vectors and language suggests a financially motivated campaign aimed primarily at Android users in Argentina. The malware was distributed from a website impersonating JPMorgan Chase in Argentina, under the app name "MorganArg".
- The app was not found on the Google Play Store. ESET shared its findings with Google as part of the App Defense Alliance, and Google Play Protect, which is on by default on Android devices with Google Play Services, now automatically protects against known versions of this malware.
- The malware draws invisible overlays to block uninstallation attempts, making it difficult to remove. According to ESET, the only way to uninstall the malicious app is to reboot the device into Safe Mode, which disables third-party applications.
- Although it is the first Android malware to use generative AI during execution, PromptSpy is considered a proof of concept, as it has not been widely seen in ESET's telemetry. Debug strings in Simplified Chinese suggest the developers may be from a Chinese-speaking region.


Shared from Scout - Be the smartest in the room.