New Malware Abuses Generative AI
ESET researchers have discovered the first known Android malware, named PromptSpy, that uses generative AI in its execution. The malware abuses Google’s Gemini AI model by prompting it to guide malicious user interface manipulations. This novel technique allows the malware to capture lockscreen data and achieve persistence on the device.
- The malware's primary function is not the AI component itself, but rather to deploy a Virtual Network Computing (VNC) module, which gives attackers remote access to see the device's screen and perform actions. - PromptSpy sends an XML dump of the user's current screen to the Gemini model, which then returns step-by-step JSON instructions telling the malware where to tap or swipe to "lock" the malicious app in the recent apps list. - Beyond its AI-driven persistence, the malware is equipped to capture lockscreen PINs, passwords, and patterns; block uninstallation attempts using invisible overlays; and record screen activity. - This is the second AI-powered malware discovered by ESET researchers, following the AI-driven ransomware "PromptLock" which was identified in August 2025. - Evidence such as debug strings written in simplified Chinese suggests the malware was developed in a Chinese-speaking environment, while language localization clues indicate its primary targets are users in Argentina. - The malware, which has not been found on the official Google Play Store, is distributed via a dedicated website and may be a "proof of concept" at this stage, as it has not yet been widely detected in the wild. - Google has been informed by ESET, an App Defense Alliance partner, and Android users are automatically protected from known versions of PromptSpy through Google Play Protect.
