Tech »  Topic »  Android Malware Taps Google Gemini at Runtime

Android Malware Taps Google Gemini at Runtime

2 weeks, 6 days ago   bankinfosecurity

Researchers Say PromptSpy Automates Persistence on Infected Devices Pooja Tikekar (@PoojaTikekar) • February 20, 2026

Image: Shutterstock

A newly discovered Android malware strain is using Google's Gemini generative artificial intelligence model to automate part of its persistence mechanism, marking what researchers describe as the second known case of AI-driven mobile malware.

See Also: The Healthcare CISO's Guide to Medical IoT Security

Security firm Eset dubbed the malware "PromptSpy," describing it as an early example of GenAI being embedded directly into operational Android malware to adapt to device environments and resist removal.

Researchers identified the malware in Android app packages uploaded to VirusTotal. Eset said it has not detected PromptSpy in product telemetry, and widespread in-the-wild deployment has not been confirmed. But the technical design shows how threat actors are experimenting with AI models to overcome traditional limitations in mobile malware automation.

The discovery follows Eset's August 2025 disclosure ...


Copyright of this story solely belongs to bankinfosecurity . To see the full text click HERE