New Android Malware Uses Gemini AI to Stay Active and Enable Remote Control

Security researchers at ESET have identified a new Android malware family that uses Google Gemini as part of its execution flow. ESET describes it as the first known Android threat to abuse a generative AI model in this way.

The malware, PromptSpy, is designed to give attackers remote access to an infected phone while resisting removal. According to ESET, it can capture lock screen data, collect device details, take screenshots, and record the screen as video, while also working to block uninstallation attempts.

The malware’s main capability is a built-in VNC component that allows an operator to view the victim’s screen and interact with the device remotely once the required permissions are granted.

The generative AI component is used to help the malware achieve persistence. Instead of relying on hardcoded taps or fixed interface assumptions that can break across devices, PromptSpy feeds Gemini a snapshot of the current screen as XML describing interface elements and their positions. Gemini responds with structured instructions that tell the malware what action to take and where to perform it. This loop continues until the app is successfully locked in the recent apps screen.

ESET reports that PromptSpy has been distributed through dedicated websites and has not been seen on Google Play. Using a generative model to interpret on-screen UI and return action instructions reduces the brittleness of traditional mobile automation used by malware. It also shows how attackers can combine Accessibility abuse with more flexible decision-making to improve malware persistence on devices.

Android users should avoid installing apps from links and third-party sites unless the source is trusted. Requests to enable Accessibility should be reviewed with scrutiny, especially when they come from unfamiliar apps. If an unknown app resists removal, rebooting the device into Safe Mode can help, since third-party apps are disabled in that state; Google's support center article on Safe Mode has more detail.

Google Play Protect is also highly recommended, as it regularly scans device applications for known threats. This can be verified in the Play Store under Settings >> Google Play Protect.
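The combination the article warns about is a sideloaded app that has been granted Accessibility control. As an added example (not code from ESET's report or from this article), the script below shows how a defender can triage a device for that combination offline, using the output of two adb commands: `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -3 -i`. The package names and command output embedded in the script are constructed, and the list of trusted installers (Google Play only) is an assumption for the example.

```python
import re
from dataclasses import dataclass, field

# Installer packages treated as trusted app stores. Assumption for this example:
# only Google Play (com.android.vending) is trusted.
TRUSTED_INSTALLERS = {"com.android.vending"}


@dataclass
class Finding:
    package: str
    installer: str
    accessibility_enabled: bool
    risk: str                      # "high", "medium" or "low"
    reasons: list = field(default_factory=list)


def parse_enabled_accessibility(setting_value: str) -> set:
    """Parse the value of the secure setting 'enabled_accessibility_services'
    (collected with: adb shell settings get secure enabled_accessibility_services).
    The value is a colon-separated list of <package>/<service class> components;
    an empty value or the literal 'null' means no service is enabled."""
    packages = set()
    for component in setting_value.strip().split(":"):
        component = component.strip()
        if not component or component == "null":
            continue
        packages.add(component.split("/", 1)[0])
    return packages


def parse_package_list(pm_output: str) -> dict:
    """Parse 'adb shell pm list packages -3 -i' output (third-party apps with their
    installer) into {package: installer}. Lines look like
    'package:com.example.app  installer=com.android.vending'."""
    installers = {}
    for line in pm_output.splitlines():
        match = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if match:
            installers[match.group(1)] = match.group(2)
    return installers


def triage(setting_value: str, pm_output: str) -> list:
    """Cross-reference the two data sources and rank each third-party app."""
    a11y_packages = parse_enabled_accessibility(setting_value)
    findings = []
    for package, installer in sorted(parse_package_list(pm_output).items()):
        sideloaded = installer not in TRUSTED_INSTALLERS
        has_a11y = package in a11y_packages
        reasons = []
        if sideloaded:
            reasons.append(f"installed by {installer}, not a trusted store")
        if has_a11y:
            reasons.append("has an enabled Accessibility service")
        if not reasons:
            continue  # store-installed app without Accessibility: nothing to report
        if sideloaded and has_a11y:
            risk = "high"
            reasons.append("review and, if unknown, uninstall from Safe Mode")
        elif sideloaded:
            risk = "medium"
        else:
            risk = "low"
        findings.append(Finding(package, installer, has_a11y, risk, reasons))
    return findings


# Constructed sample data standing in for the two adb command outputs.
SAMPLE_A11Y_SETTING = (
    "com.example.sideloaded/.RemoteControlService:"
    "com.example.screenreader/.ReaderService"
)
SAMPLE_PM_OUTPUT = """\
package:com.example.sideloaded  installer=com.google.android.packageinstaller
package:com.example.bank  installer=com.android.vending
package:com.example.screenreader  installer=com.android.vending
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_A11Y_SETTING, SAMPLE_PM_OUTPUT):
        print(f"[{f.risk.upper()}] {f.package} (installer={f.installer}): "
              + "; ".join(f.reasons))
```

On the constructed sample, the sideloaded app with an Accessibility service is ranked high, the store-installed screen reader with Accessibility is ranked low, and the store-installed banking app produces no finding. A real triage would feed the script the live output of the two adb commands instead of the embedded samples.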
