
PromptSpy ushers in the era of Android threats using GenAI


ESET researchers uncovered the first known case of Android malware abusing generative AI for context-aware user interface manipulation. While machine learning has been used to similar ends already – just recently, researchers at Dr.WEB found Android.Phantom, which uses TensorFlow machine learning models to analyze advertisement screenshots and automatically click on detected elements for large-scale ad fraud – this is the first time we have seen generative AI deployed in this manner. Because the attackers rely on prompting an AI model (in this instance, Google’s Gemini) to guide malicious UI manipulation, we have named this family PromptSpy. This is the second AI-powered malware we have discovered, following PromptLock in August 2025, the first known case of AI-driven ransomware.

While generative AI is deployed only in a relatively minor part of PromptSpy's code – that responsible for achieving persistence – it still has a significant impact on the malware's ...


Copyright of this story solely belongs to welivesecurity.com.