PromptSpy is the first Android malware to abuse Google’s Gemini AI, enabling persistence and advanced spying features.

Security researchers at ESET have uncovered PromptSpy, the first known Android malware to exploit Google’s Gemini AI to maintain persistence. The malware can capture lockscreen data, block uninstallation attempts, collect device information, take screenshots, and record screen activity […]

[Figure: Network communication of the malware and Gemini, with the prompt request and response shown in red rectangles]

The malware includes a VNC module for full remote control and communicates with its C2 server using AES-encrypted VNC traffic. It can steal PINs, record screens, take screenshots, and list installed apps. To prevent removal, it overlays invisible elements over uninstall buttons. Victims must reboot into Safe Mode to remove it.

PromptSpy shows a new evolution in Android malware. By using generative AI to read and interpret on-screen elements, it can adapt to almost any device or interface. Instead of relying on fixed tap coordinates, it sends a screen snapshot to the AI and receives step-by-step instructions, making its persistence more resilient to UI changes.

“More broadly, this campaign shows how generative AI can make malware far more dynamic and capable of real time decision making,” concludes the report. “PromptSpy is an early example of generative AI powered Android malware, and it illustrates how quickly attackers are beginning to misuse AI tools to improve impact.”

Pierluigi Paganini (SecurityAffairs hacking, PromptSpy)
Published: 2026-02-20T07:49:37