The discovery of the first Android malware family leveraging a generative AI model marks a new chapter in mobile security threats. The malware relies on Google’s Gemini AI to decide how to carry out actions on the infected device. First identified in February 2026, it is a notable advancement in malicious mobile activity, following ESET’s earlier detection of PromptLock, an AI-driven ransomware, in August 2025.
Origins and Development
ESET researcher Lukas Stefanko uncovered this malware, dubbed PromptSpy, which evolved from an earlier variant known internally as VNCSpy. Evidence of its existence surfaced when three samples were found on VirusTotal on January 13, 2026, originating from Hong Kong. By February 10, 2026, more sophisticated versions integrating the Gemini AI were detected, uploaded from Argentina, leading ESET to classify them under the PromptSpy family.
Distribution and Deception Tactics
Disguised as a Chase Bank-themed app named MorganArg, this malware was distributed through the now-defunct domain mgardownload[.]com, posing as a login interface for JPMorgan Chase Bank. Although ESET’s telemetry hasn’t recorded any direct infections, the establishment of a specialized distribution network indicates a probable intent for real-world deployment.
Analysis of the malware reveals debug strings and code in Simplified Chinese, suggesting development in a Chinese-speaking environment. Chinese-localized accessibility handlers further point to the same origin.
Technical Sophistication and Capabilities
Unlike traditional Android malware that depends on static screen coordinates, PromptSpy employs Gemini to overcome device-specific challenges. By sending natural-language prompts and real-time UI data to the AI, the malware receives precise instructions to perform actions like locking the malicious app in the multitasking view, making it resistant to user intervention.
PromptSpy’s primary goal is to execute a VNC module that gives the operator remote control over the infected device. Once accessibility services are activated, the malware can capture lockscreen credentials, take screenshots, and monitor app activity. It encrypts its traffic to the command-and-control server with AES, which hides the exchanged data from simple network inspection.
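Because the capabilities above only become available once the user grants an accessibility service, a quick fleet check is to list which accessibility services are enabled on each device and flag any package not on an expected list. The helper below is an added example, not ESET's or Google's code: it parses the value of Android's `enabled_accessibility_services` secure setting (read with `adb shell settings get secure enabled_accessibility_services`, whose on-device format is `pkg/Class:pkg2/Class2`). The allowlist, the sample setting value and the `com.example.sideloaded.banker` package name are constructed for illustration and are not PromptSpy identifiers.

```python
"""Parse Android's enabled_accessibility_services setting and flag services
whose package is not on an allowlist. Added example; sample values are
constructed, not taken from a real PromptSpy sample."""

from __future__ import annotations

from dataclasses import dataclass

# Constructed allowlist: packages this (hypothetical) fleet expects to run an
# accessibility service. A real deployment builds this from MDM inventory.
ALLOWLIST = {
    "com.google.android.marvin.talkback",
    "com.android.switchaccess",
}


@dataclass(frozen=True)
class AccessibilityService:
    package: str
    component: str


def parse_enabled_services(setting_value: str) -> list[AccessibilityService]:
    """Parse 'pkg/Class:pkg2/Class2' (the on-device format) into entries.

    An empty value or the literal string 'null' means no service is enabled.
    A component that starts with '.' is relative to its package name.
    """
    value = setting_value.strip()
    if not value or value == "null":
        return []
    services: list[AccessibilityService] = []
    for entry in value.split(":"):
        entry = entry.strip()
        if not entry:
            continue
        package, _, component = entry.partition("/")
        if component.startswith("."):
            component = package + component
        services.append(AccessibilityService(package, component))
    return services


def find_unexpected_services(setting_value: str, allowlist=ALLOWLIST):
    """Return enabled services whose package is not on the allowlist."""
    return [s for s in parse_enabled_services(setting_value)
            if s.package not in allowlist]


# Constructed sample: TalkBack plus an unknown sideloaded app that registered
# an accessibility service (placeholder package name, not a real indicator).
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.sideloaded.banker/.RemoteAccessService"
)

if __name__ == "__main__":
    for svc in find_unexpected_services(SAMPLE_SETTING):
        print(f"unexpected accessibility service: {svc.package} ({svc.component})")
```

The check is deliberately conservative: it reports anything not explicitly allowlisted rather than trying to recognise malware, so a newly sideloaded app that requests accessibility access shows up for review even before its hash appears in any indicator list.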
Despite its sophistication, PromptSpy has not been found on Google Play. ESET has collaborated with Google to enhance user protection through the App Defense Alliance, ensuring Google Play Protect shields users from known threats.
ESET’s indicators of compromise include SHA-1 hashes of the malware samples, together with IP addresses linked to its distribution and command-and-control servers. These indicators let security teams identify the malware and contain its impact.
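A typical use of such indicators is a one-off sweep of DNS logs and file hashes. The script below is an added example, not part of ESET's report: it re-fangs the distribution domain quoted above (`mgardownload[.]com`), matches it and its subdomains against log lines, and compares file SHA-1 hashes against an indicator set. Because the article does not reproduce ESET's hash list, the SHA-1 values, the DNS log lines and the file contents are constructed placeholders; in practice the indicator set is filled from ESET's published IoCs.

```python
"""IoC sweep over DNS logs and file hashes. Added example; the domain comes
from the article, every hash and log line below is constructed."""

import hashlib
import re

# Indicator as published in defanged form.
DEFANGED_DOMAINS = ["mgardownload[.]com"]

# PLACEHOLDER indicator set: derived from a constructed byte string so the
# example runs offline. Replace with the SHA-1 values from ESET's report.
IOC_SHA1 = {hashlib.sha1(b"constructed-sample-A").hexdigest()}


def refang(indicator: str) -> str:
    """Undo common defanging ('[.]', 'hxxp') so the indicator can be matched."""
    return (indicator.replace("[.]", ".")
                     .replace("hxxps://", "https://")
                     .replace("hxxp://", "http://")
                     .lower())


def domain_matches(query: str, ioc_domains) -> bool:
    """True when the queried name is an IoC domain or one of its subdomains.

    The trailing dot of a fully qualified name is ignored, and a name that
    merely ends with the same characters (notmgardownload.com) does not match.
    """
    q = query.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in ioc_domains)


# Constructed log format: '<timestamp> <client-ip> query <qname>'.
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) query (?P<qname>\S+)$")


def scan_dns_log(lines, ioc_domains):
    """Return (client, qname) pairs whose query hits an IoC domain."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m and domain_matches(m["qname"], ioc_domains):
            hits.append((m["client"], m["qname"]))
    return hits


def sha1_hits(blobs, ioc_hashes):
    """Return the names of blobs whose SHA-1 digest is in the indicator set."""
    return [name for name, data in blobs.items()
            if hashlib.sha1(data).hexdigest() in ioc_hashes]


# Constructed sample input.
SAMPLE_DNS_LOG = [
    "2026-02-11T09:12:03Z 10.0.0.12 query bank.example.com",
    "2026-02-11T09:12:05Z 10.0.0.12 query mgardownload.com",
    "2026-02-11T09:12:09Z 10.0.0.31 query cdn.mgardownload.com.",
    "2026-02-11T09:13:00Z 10.0.0.31 query notmgardownload.com",
]
SAMPLE_FILES = {
    "MorganArg.apk": b"constructed-sample-A",  # placeholder content
    "benign.apk": b"constructed-sample-B",
}


def run_sweep():
    """Run both checks over the constructed samples."""
    domains = [refang(d) for d in DEFANGED_DOMAINS]
    return scan_dns_log(SAMPLE_DNS_LOG, domains), sha1_hits(SAMPLE_FILES, IOC_SHA1)


if __name__ == "__main__":
    dns_hits, file_hits = run_sweep()
    for client, qname in dns_hits:
        print(f"DNS hit: {client} resolved {qname}")
    for name in file_hits:
        print(f"hash hit: {name}")
```

Hash matching only catches the exact samples ESET saw, so the DNS check is the more durable of the two: a repacked APK changes its hash, but a client resolving the distribution domain still surfaces.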
