Android malware taps Gemini to navigate infected devices

Cybersecurity researchers say they've spotted the first Android malware strain that uses generative AI to improve performance once installed. But it may be only a proof of concept.

ESET calls it PromptSpy, malware whose primary goal is to deploy a VNC module that hands hackers remote control of infected devices.

The Slovak security shop's experts said PromptSpy comes with capabilities to instruct Google's Gemini chatbot to interpret parts of the device's user interface using natural language prompts.

These prompts allow the malware to examine the user interface, which then informs the gestures it needs to execute on the device in order to keep the malicious app pinned to its recent apps list.

Lukas Stefanko, malware researcher at ESET, said the use of GenAI amounts to only a small portion of the malware's toolkit, but allows it to adapt to different devices.

"The AI model and ...