ESET Discovers First Android Malware Using Generative AI
Security firm ESET has discovered PromptSpy, the first known Android malware to abuse generative AI in its execution. The malware uses prompts to Google's Gemini model to guide malicious user interface manipulation and capture lockscreen data. This represents the first time generative AI has been deployed in this manner to help malware achieve persistence on a device.
- PromptSpy's primary function is to deploy a Virtual Network Computing (VNC) module, which grants attackers remote access to view the device's screen and perform actions. This enables them to capture lockscreen PINs or passwords, record the screen to get unlock patterns, and take screenshots.
- The malware sends an XML file with user interface data to Google's Gemini, which then returns JSON instructions on where to tap or swipe to lock the malware in the "recent apps" list, ensuring it survives a reboot. This makes the malware highly adaptable to different device layouts and operating system versions.
- To prevent removal, PromptSpy overlays transparent rectangles over buttons containing words like "uninstall" or "force stop," which intercept user taps and make manual deletion difficult. The only way for a user to remove the malware is by rebooting the device into Safe Mode.
- While PromptSpy is the first Android malware to use generative AI for in-execution UI manipulation, ESET previously discovered a proof-of-concept AI-driven ransomware called PromptLock in August 2025. Another malware, Android.Phantom, has used TensorFlow machine learning models for ad fraud.
- Evidence suggests the malware was created by Chinese developers and is financially motivated, with a distribution domain that impersonated JPMorgan Chase Bank to target users in Argentina.
- Despite its novel use of AI, PromptSpy has not yet been widely detected by ESET's telemetry, leading researchers to believe it may currently be a proof-of-concept rather than a widespread threat.