Researchers Uncover ‘PromptSpy,’ First Android Malware to Abuse Google Gemini AI

Cybersecurity researchers have identified a new Android malware strain that exploits generative artificial intelligence to strengthen its grip on infected devices and assist remote attackers.

The malicious software, dubbed “PromptSpy,” was uncovered by researchers at ESET. According to the firm, the malware is the first known Android threat to integrate Google Gemini into its execution flow, using the AI model at runtime to analyze on-screen content and guide automated actions.

Researchers say the primary objective of PromptSpy is to deploy a built-in virtual network computing (VNC) module that allows attackers to gain remote access to compromised devices. By leveraging Android’s accessibility services, the malware can block removal attempts through invisible overlays and keep itself persistently active.

“Gemini is used to analyze the current screen and provide PromptSpy with step-by-step instructions on how to ensure the malicious app remains pinned in the recent apps list,” said Lukáš Štefanko, a researcher at ESET, in a report published on Thursday. “Since Android malware often relies on UI navigation, leveraging generative AI enables threat actors to adapt to almost any device, layout, or OS version.”

AI-Driven Persistence

Once installed, Gemini reportedly returns precise instructions — such as where to tap on the screen — enabling the malware to anchor itself in the device’s recent apps list and resist attempts to swipe it away or terminate it.

The technique allows PromptSpy to dynamically adapt to varying screen layouts, operating system versions, and interface changes, significantly expanding its potential victim base.

Security analysts say this marks a notable evolution in mobile threats, as AI is used not just for reconnaissance but for real-time operational decision-making.

Remote Control and Data Theft

Beyond persistence, PromptSpy can capture lock screen information, collect detailed system data, take screenshots, record on-screen activity and exploit accessibility features to block uninstallation.

Its built-in VNC module establishes a covert command-and-control channel with a hard-coded server using encrypted communication. This effectively grants attackers remote control over the infected device.

Distribution appears to be taking place through third-party websites rather than official app stores. Researchers say the initial dropper disguises itself as a legitimate application or software update, tricking users into granting permissions that activate the malicious components.
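The two traits the article attributes to PromptSpy, an enabled accessibility service and installation from outside an official store, are both visible in plain Android settings output, so a defender can triage a device for that combination without any knowledge of the malware's specific package name. The script below is an added example written for this article; it is not ESET's code and contains nothing taken from PromptSpy. It assumes two pieces of output collected over adb: the value of `settings get secure enabled_accessibility_services` (a colon-separated list of `package/ServiceClass` entries) and the lines of `pm list packages -i` (`package:<pkg>  installer=<installer>`). The sample output, the package names and the trusted-installer set are all constructed for the example.

```python
"""Triage helper: flag apps that hold an enabled accessibility service but
were not installed from a trusted app store.

Added example for this article, not ESET's code and not from PromptSpy.
It assumes two pieces of Android output collected over adb:
  * `settings get secure enabled_accessibility_services`, a colon-separated
    list of `package/ServiceClass` entries
  * `pm list packages -i`, lines of the form
    `package:<pkg>  installer=<installer pkg or null>`
All sample values below are constructed for the example.
"""

# Constructed sample of `adb shell settings get secure enabled_accessibility_services`
# on a device running a legitimate screen reader plus a sideloaded app.
SAMPLE_ENABLED_SERVICES = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.update/com.example.update.OverlayService"
)

# Constructed sample of `adb shell pm list packages -i`.
SAMPLE_PACKAGE_LIST = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.update  installer=null
package:com.android.chrome  installer=com.android.vending
"""

# Installer packages treated as trusted stores (assumption for the example;
# com.android.vending is the Play Store).
TRUSTED_INSTALLERS = {"com.android.vending"}


def parse_enabled_services(raw):
    """Return {package: [service_class, ...]} from the secure setting value."""
    services = {}
    for entry in raw.strip().split(":"):
        if not entry or "/" not in entry:
            continue
        pkg, cls = entry.split("/", 1)
        services.setdefault(pkg, []).append(cls)
    return services


def parse_installers(raw):
    """Return {package: installer or None} from `pm list packages -i` output."""
    installers = {}
    for line in raw.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        body = line[len("package:"):]
        pkg, _, rest = body.partition("installer=")
        installer = rest.strip()
        # `null` means the package manager recorded no installer (e.g. sideload via adb or browser).
        installers[pkg.strip()] = None if installer in ("", "null") else installer
    return installers


def flag_suspicious_accessibility(enabled_raw, packages_raw, trusted=TRUSTED_INSTALLERS):
    """Return packages with an enabled accessibility service whose installer is not trusted."""
    enabled = parse_enabled_services(enabled_raw)
    installers = parse_installers(packages_raw)
    findings = []
    for pkg, classes in enabled.items():
        installer = installers.get(pkg)
        if installer not in trusted:
            findings.append({"package": pkg, "services": classes, "installer": installer})
    return findings


if __name__ == "__main__":
    for f in flag_suspicious_accessibility(SAMPLE_ENABLED_SERVICES, SAMPLE_PACKAGE_LIST):
        print(f"REVIEW {f['package']} installer={f['installer']} services={f['services']}")
```

On a real device, feed the script the two adb outputs instead of the constructed samples. Keying on the installer rather than on "uses accessibility" alone is deliberate: legitimate screen readers such as the TalkBack entry in the sample also hold an enabled accessibility service, and a check that flagged every such app would drown the one finding that matters.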

Removal and Risks

Experts warn that removing PromptSpy is challenging. In many cases, users must reboot their devices into Safe Mode — which disables third-party apps — before attempting uninstallation.

While the campaign’s full scope remains unclear, early indicators suggest possible financial motives and region-specific targeting. Attribution, however, has not been definitively established.

Security professionals advise Android users to avoid downloading apps from unverified sources, review app permissions carefully and ensure their devices are protected with up-to-date security software.

The emergence of AI-powered malware such as PromptSpy underscores growing concerns that threat actors are increasingly weaponizing advanced technologies to evade traditional detection systems and broaden their reach.
