Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Android Malware PromptSpy Adapts Using AI in Real-Time

Android Malware PromptSpy Adapts Using AI in Real-Time

Posted on July 8, 2026 By CWS

A novel Android spyware known as PromptSpy represents a groundbreaking advancement in mobile malware, employing generative AI during its runtime on compromised devices. By utilizing Google’s Gemini model, this malware dynamically interacts with the device’s screen, moving beyond traditional static commands.

Unique Capabilities of PromptSpy

Unlike conventional malware that operates on predefined instructions, PromptSpy accesses the Gemini model in real time to determine its actions on a phone. This ability marks a significant evolution in mobile security threats, as the malware can adapt its behavior dynamically.

PromptSpy functions similarly to a typical remote access trojan, designed to exfiltrate data from infected devices. It has the capability to capture login credentials, catalog installed applications, and covertly record both screenshots and videos. Its remote access module enables attackers to control the device’s screen live, while encrypted communications help it evade basic security measures.

Discovery and Distribution

Researchers at ESET identified PromptSpy while examining an AI-enhanced ransomware case. Their investigation revealed that the malware was distributed via a website mimicking a prominent Argentine bank, complete with a deceptive app name to gain user trust.

Despite its sophisticated setup, PromptSpy was notably absent from widespread telemetry, implying it could be a proof of concept rather than a fully launched campaign. Nevertheless, a documented case in Ukraine from February 2026 indicates the malware’s potential to extend beyond its initial test environment.

ESET’s report, shared with Cyber Security News, highlights the increasing integration of AI into malicious software across various platforms, underscoring the growing complexity of cyber threats.

Persistence and Removal Challenges

PromptSpy employs a strategic method to ensure it remains active on a device. By leveraging Gemini, it generates specific instructions to maintain its presence in the recent apps list, circumventing the difficulty of automating swipes across diverse Android devices.

To prevent uninstallation, PromptSpy utilizes accessibility permissions to overlay invisible barriers on the Stop and Uninstall buttons within the app settings. Users typically need to reboot the device in safe mode to remove the application, bypassing these restrictions.

According to Google’s Threat Intelligence Group, PromptSpy’s AI component is designed for broad screen navigation tasks, with potential updates to its Gemini API keys possible through its command and control channel.

ESET suggests that while the current application of AI in PromptSpy is limited, it foreshadows a future where malware increasingly relies on adaptable generative models rather than rigid, predefined logic.

Strengthening proactive defense strategies is crucial to prevent critical incidents and financial losses. Integrating real-time threat intelligence from global SOC teams can enhance security measures against evolving threats like PromptSpy.

Cyber Security News Tags:AI in malware, AI security threats, Android malware, cyber threats, Cybersecurity, ESET, Gemini model, Google Gemini, malware detection, mobile security, mobile spyware, PromptSpy, real-time adaptation, remote access trojan, threat intelligence

Post navigation

Previous Post: Fake Google Page Targets Mexican Bank Users with Malware
Next Post: APT-C-20 Uses PNG Images for Stealthy C# Backdoor

Related Posts

Windows Rust-based Kernel GDI Vulnerability Leads to Crash and Blue Screen of Death Error Windows Rust-based Kernel GDI Vulnerability Leads to Crash and Blue Screen of Death Error Cyber Security News
Best MSP Software: The Essential Tech Stack  Best MSP Software: The Essential Tech Stack  Cyber Security News
Agent Skill Malware Bypasses AI Security Measures Agent Skill Malware Bypasses AI Security Measures Cyber Security News
New ClickFix Attack Uses Fake BBC News Page and Fraudulent Cloudflare Verification to Trick Users New ClickFix Attack Uses Fake BBC News Page and Fraudulent Cloudflare Verification to Trick Users Cyber Security News
Security Flaw in WordPress Plugin Uncovered After Years Security Flaw in WordPress Plugin Uncovered After Years Cyber Security News
Researchers Exploited Google kernelCTF Instances And Debian 12 With A 0-Day Researchers Exploited Google kernelCTF Instances And Debian 12 With A 0-Day Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • APT-C-20 Uses PNG Images for Stealthy C# Backdoor
  • Android Malware PromptSpy Adapts Using AI in Real-Time
  • Fake Google Page Targets Mexican Bank Users with Malware
  • Claude Cowork Enhances AI Session Management on Mobile
  • Cybercriminals Exploit Fake Software to Create Proxy Networks

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • APT-C-20 Uses PNG Images for Stealthy C# Backdoor
  • Android Malware PromptSpy Adapts Using AI in Real-Time
  • Fake Google Page Targets Mexican Bank Users with Malware
  • Claude Cowork Enhances AI Session Management on Mobile
  • Cybercriminals Exploit Fake Software to Create Proxy Networks

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark