ESET Discovers First Android Malware Using Generative AI

- PromptSpy's primary function is to act as spyware, deploying a VNC module that gives attackers remote control of the infected device. Its capabilities include intercepting lockscreen PINs, recording the screen, and capturing user gestures. - The malware sends an XML dump of the device's current screen to the Gemini API, which then returns JSON-formatted instructions telling the malware where to tap or swipe to "pin" itself to the recent apps list, making it harder for the user to close. This allows the malware to adapt to various Android device layouts and OS versions, expanding its potential victim pool. - To prevent removal, PromptSpy uses the device's Accessibility Services to create invisible overlays on top of "Uninstall" or "Disable" buttons, which intercept the user's taps. The only way to remove the malware is to reboot the device into Safe Mode. - While not yet detected in ESET's telemetry, suggesting it might be a proof-of-concept, samples were uploaded to VirusTotal from Argentina, and the malware appears to impersonate the Morgan Chase bank in Argentina under the name "MorganArg". Debug strings in the code suggest it was developed by Chinese speakers. - This is the second AI-powered malware discovered by ESET, following the AI-driven ransomware "PromptLock" found in August 2025, which turned out to be a research project from New York University. - The abuse of Google's Gemini is not limited to PromptSpy; state-sponsored groups from Iran, China, North Korea, and Russia have used the platform for reconnaissance, malware development, and phishing campaigns. For example, a malware called HONESTCUE used the Gemini API to generate malicious C# code on demand to evade detection.