Ethical Hacking News
PromptSpy, a new Android malware, uses Google's Gemini AI to gain persistent access on devices, marking a concerning evolution in AI-assisted mobile threats. The malware can capture lockscreen data, block uninstallation attempts, collect device information, take screenshots, and record screen activity as video, making it a formidable threat to users.
PromptSpy is a new Android malware discovered by ESET in February 2026. The malware uses Google's Gemini AI to gain persistent access on Android devices. PromptSpy can capture lockscreen data, block uninstallation attempts, collect device information, take screenshots, and record screen activity as video. The malware uses a clever technique to stay persistent by sending Gemini AI text prompts plus XML dumps of the current screen. Debug strings in simplified Chinese were found in the malicious code, suggesting it was developed in a Chinese-speaking environment. PromptSpy is delivered through a dropper that installs a hidden payload APK and requests Accessibility permissions. The malware targets users in Argentina and appears to be driven by financial gain. PromptSpy abuses Accessibility Services and includes a VNC module for full remote control of the device.
PromptSpy is the latest addition to the growing list of Android malware that has caught the attention of security researchers and experts alike. This malicious app, discovered by ESET in February 2026, has been found to abuse Google's Gemini AI to gain persistent access on Android devices, marking a concerning evolution in AI-assisted mobile threats.
The use of generative AI at runtime in malware is a recent development, and PromptSpy is the first known Android malware to exploit this technology. Its capabilities (capturing lockscreen data, blocking uninstallation attempts, collecting device information, taking screenshots, and recording screen activity as video) make it a formidable threat to users.
According to ESET, PromptSpy uses Gemini AI in a limited but clever way: to stay persistent. Instead of relying on fixed screen taps or coordinates, which often fail across different Android versions and device layouts, the malware sends Gemini a text prompt plus an XML dump of the current screen. This gives the AI a full view of buttons, text, and positions. Gemini then replies with JSON instructions telling the malware where to tap. PromptSpy repeats the process until the app is successfully locked in the recent apps list, preventing easy removal.
Analysis of the malicious code revealed debug strings in simplified Chinese, along with functions handling Accessibility event types in Chinese. A disabled debug method translated Android accessibility events into Chinese, which suggests, with medium confidence, that the malware was developed in a Chinese-speaking environment.
PromptSpy is delivered through a dropper that installs a hidden payload APK. After installation, it requests Accessibility permissions, shows a fake loading screen, and secretly contacts Gemini AI to lock itself in the Recent Apps list for persistence. It continuously sends screen data to Gemini and executes returned tap or swipe instructions.
This malware campaign appears to be financially motivated and mainly targets users in Argentina. The malware was likely developed in a Chinese-speaking environment, and it spreads through malicious websites impersonating Chase Bank, using branding such as "MorganArg." A related phishing app, likely from the same actor, helps deliver the final payload.
ESET found that PromptSpy evolved from an earlier variant called VNCSpy. Samples were uploaded from Hong Kong and later from Argentina, suggesting regional targeting.
PromptSpy abuses Accessibility Services and includes a VNC module, giving attackers full remote control of the device. It can see the screen, perform gestures, and maintain control while staying hidden in the recent apps list.
This discovery highlights the evolving nature of Android malware and the growing threat posed by generative AI-powered attacks. As AI technology continues to advance, it is likely that we will see more malicious actors exploiting this technology to create sophisticated and persistent mobile threats.
Related Information:
https://www.ethicalhackingnews.com/articles/PromptSpy-The-Evolution-of-Android-Malware-Using-Generative-AI-ehn.shtml
https://securityaffairs.com/188261/ai/promptspy-abuses-gemini-ai-to-gain-persistent-access-on-android.html
https://clario.co/blog/the-new-promptspy-android-malware-exploits-genai-model-to-stay-alive-on-android-devices/
https://www.eset.com/us/about/newsroom/research/eset-research-discovers-promptspy-first-android-threat-using-genai/
https://www.bleepingcomputer.com/news/security/promptspy-is-the-first-android-malware-to-use-generative-ai-at-runtime/
https://www.bleepingcomputer.com/news/security/promptspy-is-the-first-known-android-malware-to-use-generative-ai-at-runtime/
https://thehackernews.com/2026/02/promptspy-android-malware-abuses-google.html
Published: Fri Feb 20 03:59:27 2026 by llama3.2 3B Q4_K_M