First AI-Abusing Android Malware Discovered

Security researchers at ESET have discovered the first known Android malware that uses generative AI in its attack sequence. Named "PromptSpy," the threat abuses Google’s Gemini AI model to guide malicious user interface manipulation and capture sensitive data such as lockscreen credentials.

- The malware's primary function is to deploy a Virtual Network Computing (VNC) module that gives the attackers full remote access to and control of the compromised device, including real-time screen viewing and interaction, so no physical access is needed.
- PromptSpy uses Google's Gemini not to craft novel attacks but to strengthen its persistence on the device. It sends an XML dump of the current screen (the UI hierarchy) to the model, which returns step-by-step instructions for navigating the interface to "pin" the malicious app in the recent-apps list, so it cannot easily be swiped away or terminated.
- Beyond its use of AI, PromptSpy is full-featured spyware: it captures screenshots, records all screen activity as video, and intercepts lockscreen PINs or patterns. It also abuses Android's Accessibility Services to block its own uninstallation by drawing invisible overlays over system menus.
- The malware is an evolution of a previously identified threat known as VNCSpy and appears to belong to a financially motivated campaign targeting users in Argentina. It was distributed through a website posing as a JPMorgan Chase application, not through the official Google Play Store.
- The AI model and the initial prompt are hardcoded into the malware, so the attackers cannot change them dynamically, and the AI-driven capability is currently limited to securing persistence.
- Although ESET discovered PromptSpy, the firm has not yet observed it widely in its telemetry, which may indicate that it is still a proof of concept or is in limited, targeted use. Code analysis suggests developers from China may be behind it.
- Removing PromptSpy requires rebooting the Android device into Safe Mode, which disables third-party applications and allows the malware to be uninstalled without interference from its self-protection mechanisms.
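The two capabilities that matter for triage and cleanup above are the combination of an enabled third-party Accessibility Service with the overlay permission (SYSTEM_ALERT_WINDOW), which is what allows an app to cover system menus, and the Safe Mode removal. The script below is an added example, not ESET's code or any PromptSpy artifact: it parses the text that `adb shell settings get secure enabled_accessibility_services`, `adb shell pm list packages -3` and `adb shell appops get <pkg> SYSTEM_ALERT_WINDOW` produce and reports third-party packages that are active Accessibility Services and can also draw overlays. The sample outputs and the package names `com.example.fakebank` and `com.example.notes` are constructed for the example and are not indicators for this campaign.

```python
"""Offline Android triage: find third-party apps that are enabled as
Accessibility Services and also hold the overlay permission.

Run without arguments to use the constructed samples; run with --live to
collect the same data from an attached device over adb (assumed to be on PATH).
"""
import re
import subprocess
import sys

# Constructed sample of: adb shell settings get secure enabled_accessibility_services
# Format is colon-separated 'package/ServiceClass' entries ('null' when none).
SAMPLE_ENABLED_A11Y = (
    "com.android.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.fakebank/com.example.fakebank.CoreService"
)

# Constructed sample of: adb shell pm list packages -3 (third-party packages only)
SAMPLE_THIRD_PARTY = """package:com.example.fakebank
package:com.example.notes
"""

# Constructed sample of: adb shell appops get <pkg> SYSTEM_ALERT_WINDOW, one line per package
SAMPLE_APPOPS = {
    "com.example.fakebank": "SYSTEM_ALERT_WINDOW: allow; time=+3h12m0s ago",
    "com.example.notes": "SYSTEM_ALERT_WINDOW: deny",
}


def parse_enabled_services(raw: str) -> dict[str, list[str]]:
    """Map package -> list of enabled accessibility service classes."""
    services: dict[str, list[str]] = {}
    raw = raw.strip()
    if not raw or raw == "null":
        return services
    for entry in raw.split(":"):
        pkg, _, cls = entry.partition("/")
        if pkg:
            services.setdefault(pkg, []).append(cls)
    return services


def parse_third_party(raw: str) -> set[str]:
    """Extract package names from 'package:<name>' lines."""
    return {m.group(1) for m in re.finditer(r"^package:(\S+)", raw, re.M)}


def overlay_allowed(appops_line: str) -> bool:
    """True only when the SYSTEM_ALERT_WINDOW app-op is in 'allow' mode
    ('deny', 'default', 'ignore' and 'No operations.' all count as not allowed)."""
    m = re.search(r"SYSTEM_ALERT_WINDOW:\s*(\w+)", appops_line)
    return bool(m) and m.group(1) == "allow"


def suspicious_packages(enabled_raw: str, third_party_raw: str, appops_by_pkg: dict) -> list[dict]:
    """Third-party packages running as Accessibility Services, each annotated
    with whether it can also draw overlays over other apps and system dialogs."""
    enabled = parse_enabled_services(enabled_raw)
    third_party = parse_third_party(third_party_raw)
    findings = []
    for pkg in sorted(enabled):
        if pkg not in third_party:
            continue  # preinstalled services such as TalkBack are out of scope here
        findings.append({
            "package": pkg,
            "services": enabled[pkg],
            "overlay": overlay_allowed(appops_by_pkg.get(pkg, "")),
        })
    return findings


def adb(*args: str) -> str:
    """Run an 'adb shell' command and return its stdout (live mode only)."""
    return subprocess.run(["adb", "shell", *args], capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    if "--live" in sys.argv:
        enabled = adb("settings", "get", "secure", "enabled_accessibility_services")
        third = adb("pm", "list", "packages", "-3")
        ops = {p: adb("appops", "get", p, "SYSTEM_ALERT_WINDOW") for p in parse_third_party(third)}
    else:
        enabled, third, ops = SAMPLE_ENABLED_A11Y, SAMPLE_THIRD_PARTY, SAMPLE_APPOPS
    for finding in suspicious_packages(enabled, third, ops):
        print(finding)
```

A hit with `overlay: True` is exactly the profile that lets an app cover the uninstall dialog, so it is the first thing to check when an uninstall button appears to do nothing. Once the device is in Safe Mode, as the briefing describes, third-party services are not running and the flagged package can be removed with the standard `adb shell pm uninstall --user 0 <package>`; afterwards, re-run the script to confirm the service no longer appears in `enabled_accessibility_services`.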


Shared from Scout.