A novel Android spyware known as PromptSpy represents a groundbreaking advancement in mobile malware, employing generative AI during its runtime on compromised devices. By utilizing Google’s Gemini model, this malware dynamically interacts with the device’s screen, moving beyond traditional static commands.
Unique Capabilities of PromptSpy
Unlike conventional malware that operates on predefined instructions, PromptSpy accesses the Gemini model in real time to determine its actions on a phone. This ability marks a significant evolution in mobile security threats, as the malware can adapt its behavior dynamically.
PromptSpy functions similarly to a typical remote access trojan, designed to exfiltrate data from infected devices. It has the capability to capture login credentials, catalog installed applications, and covertly record both screenshots and videos. Its remote access module enables attackers to control the device’s screen live, while encrypted communications help it evade basic security measures.
Discovery and Distribution
Researchers at ESET identified PromptSpy while examining an AI-enhanced ransomware case. Their investigation revealed that the malware was distributed via a website mimicking a prominent Argentine bank, complete with a deceptive app name to gain user trust.
Despite its sophisticated setup, PromptSpy was notably absent from widespread telemetry, implying it could be a proof of concept rather than a fully launched campaign. Nevertheless, a documented case in Ukraine from February 2026 indicates the malware’s potential to extend beyond its initial test environment.
ESET’s report, shared with Cyber Security News, highlights the increasing integration of AI into malicious software across various platforms, underscoring the growing complexity of cyber threats.
Persistence and Removal Challenges
PromptSpy employs a strategic method to ensure it remains active on a device. By leveraging Gemini, it generates specific instructions to maintain its presence in the recent apps list, circumventing the difficulty of automating swipes across diverse Android devices.
To prevent uninstallation, PromptSpy utilizes accessibility permissions to overlay invisible barriers on the Stop and Uninstall buttons within the app settings. Users typically need to reboot the device in safe mode to remove the application, bypassing these restrictions.
According to Google’s Threat Intelligence Group, PromptSpy’s AI component is designed for broad screen navigation tasks, with potential updates to its Gemini API keys possible through its command and control channel.
ESET suggests that while the current application of AI in PromptSpy is limited, it foreshadows a future where malware increasingly relies on adaptable generative models rather than rigid, predefined logic.
Strengthening proactive defense strategies is crucial to prevent critical incidents and financial losses. Integrating real-time threat intelligence from global SOC teams can enhance security measures against evolving threats like PromptSpy.
