PromptSpy Android Malware Abuses Gemini AI at Runtime for Persistence
SecurityWeek
Researchers at ESET have analyzed what they describe as the first Android malware to leverage generative AI during its execution.
Named PromptSpy, the malware deploys a VNC module on compromised systems, enabling its operators to view the victim’s screen and take full control of the Android device.
In addition, PromptSpy can collect device information, capture the lockscreen PIN or password, record the screen to obtain the device’s unlock pattern, and take screenshots.
For persistence, the Android malware uses a novel approach at runtime that involves sending a prompt to Google’s Gemini gen-AI chatbot along with an XML file containing data about the various UI elements displayed on the screen, including their type, text, and position.
Gemini uses this information to tell PromptSpy — via JSON instructions — where to tap or swipe on the screen in order to add the malware to the list of recent apps. The malware ...

