Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Android Malware Uses AI for Extended Device Control

Android Malware Uses AI for Extended Device Control

Posted on February 20, 2026 By CWS

Security researchers at ESET have unveiled a novel threat in the form of an Android malware, PromptSpy, which uniquely employs generative AI to maintain its presence on devices. This marks the first instance of such technology being utilized in malware for Android systems, adding a sophisticated layer to its operational capabilities.

Malware Capabilities and Device Control

PromptSpy integrates a VNC module into compromised Android devices, enabling attackers to remotely access and manipulate the device’s interface. The malware’s capabilities extend to gathering comprehensive device information, capturing lockscreen credentials, and recording screen activities to deduce unlock patterns. This comprehensive data collection allows the malware to exert extensive control over infected devices.

AI-Powered Persistence Mechanism

In a breakthrough approach, PromptSpy employs Google’s Gemini AI chatbot to sustain its presence on devices. During runtime, the malware sends prompts to Gemini, accompanied by XML files that describe the screen’s UI elements. Gemini processes this data and provides JSON-based instructions on how to interact with the device, effectively adding the malware to the recent apps list. By exploiting Android’s Accessibility Services, PromptSpy executes these interactions seamlessly, ensuring its persistence across reboots.

Obstruction of Malware Removal

PromptSpy further complicates its removal by using Accessibility Services to obscure uninstall attempts. It overlays transparent blocks over critical screen elements, making actions like ‘stop’, ‘end’, or ‘uninstall’ ineffective. This tactic necessitates users to reboot their devices in Safe Mode to successfully remove the malware, bypassing third-party app functionalities.

Although ESET has not observed widespread infections, the presence of a domain targeting users in Argentina suggests potential distribution. Researchers attribute the malware to developers in China, albeit with moderate confidence, and have not linked it to any known threat actors.

PromptSpy’s emergence, although not yet widespread, underscores the evolving landscape of mobile threats, emphasizing the need for robust security measures. Continued vigilance and updates are critical as developers and security experts work to counteract such sophisticated threats.

Security Week News Tags:accessibility services, AI malware, Android security, Chinese developers, Cybersecurity, device control, ESET, Gemini AI, malware persistence, malware removal, mobile security, PromptSpy, proof-of-concept, Safe Mode, VNC module

Post navigation

Previous Post: Google Releases Urgent Chrome Security Patch for Critical Flaws
Next Post: Phishing Campaign Exploits OAuth Tokens in Microsoft 365

Related Posts

Cybercrime Losses Approach  Billion in 2025, FBI Reports Cybercrime Losses Approach $21 Billion in 2025, FBI Reports Security Week News
Data Breach Affects 250,000 at Nacogdoches Hospital Data Breach Affects 250,000 at Nacogdoches Hospital Security Week News
CodeSecCon 2025: Where Software Security’s Next Chapter Unfolds CodeSecCon 2025: Where Software Security’s Next Chapter Unfolds Security Week News
Windows’ Infamous ‘Blue Screen of Death’ Will Soon Turn Black Windows’ Infamous ‘Blue Screen of Death’ Will Soon Turn Black Security Week News
CISA Demands Urgent Fix for Exploited LiteSpeed Flaw CISA Demands Urgent Fix for Exploited LiteSpeed Flaw Security Week News
Chinese APT Exploits Unpatched Windows Flaw in Recent Attacks Chinese APT Exploits Unpatched Windows Flaw in Recent Attacks Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • New Windows Attack Method Evades Leading Security Tools
  • Injective Labs GitHub Breach Exposes Crypto Wallets
  • AI Gateways: Emerging Targets for Cyber Attacks
  • Hacker Server Leak Unveils Massive WordPress Breach
  • Critical Linux FUSE Flaw Allows Root Access

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • New Windows Attack Method Evades Leading Security Tools
  • Injective Labs GitHub Breach Exposes Crypto Wallets
  • AI Gateways: Emerging Targets for Cyber Attacks
  • Hacker Server Leak Unveils Massive WordPress Breach
  • Critical Linux FUSE Flaw Allows Root Access

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark