PromptSpy Malware Abuses Gemini AI for Android Persistence
These articles are AI-generated summaries. Please check the original sources for full details.
PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence
ESET researchers discovered PromptSpy, the first Android malware to integrate Google’s Gemini AI chatbot directly into its execution flow. The malware sends screen XML dumps to Gemini to receive JSON instructions for bypassing UI-based security measures.
Why This Matters
While traditional malware relies on hard-coded UI coordinates that break across different OS versions and screen sizes, PromptSpy uses generative AI to dynamically interpret layouts. This allows attackers to automate complex tasks like locking an app in the ‘recent apps’ list across virtually any Android device, circumventing standard defensive heuristics and ensuring the malicious process remains active.
Key Insights
- ESET researcher Lukáš Štefanko identified PromptSpy as an evolution of VNCSpy, with samples first uploaded to VirusTotal in early 2026.
- The malware assigns Gemini the persona of an ‘Android automation assistant’ to receive step-by-step UI interaction instructions based on real-time screen data.
- PromptSpy utilizes Android’s accessibility services to execute Gemini-suggested actions, such as taps and scrolls, without requiring user intervention.
- Persistence is achieved by pinning the malicious app in the recent apps list, preventing it from being swiped away or terminated by the system.
- Attribution suggests a Chinese-speaking environment due to debug strings in simplified Chinese, though the primary targets are users in Argentina.
- Command-and-control (C2) communication occurs via the VNC protocol at IP address 54.67.2[.]84 to facilitate remote device access.
Practical Applications
- Remote Access Control: Attackers use a built-in VNC module to take screenshots, record screen video, and intercept lockscreen PINs or patterns.
- Financial Phishing: The malware masquerades as ‘MorganArg’ (JPMorgan Chase) using the domain mgardownload[.]com to trick users into granting permissions.
- Persistence via Overlays: PromptSpy uses invisible screen overlays to block uninstallation efforts, forcing victims to use Android Safe Mode for removal.
- Automated UI Navigation: Malware adapts to any device layout by sending XML dumps of UI elements to an AI model to determine click coordinates.
References:
Continue reading
Next article
Self-Hosting Vision Models on Datacenter GPUs
Related Content
Kimsuky Spreads DocSwap Android Malware via QR Phishing
North Korean group Kimsuky leverages QR code phishing sites disguised as CJ Logistics to distribute DocSwap Android malware, enabling remote access and data theft.
NANOREMOTE Malware Leverages Google Drive API for Covert Windows Control
NANOREMOTE, a new Windows backdoor, utilizes the Google Drive API for command-and-control, enabling stealthy data theft and payload delivery.
PLUGGYAPE Malware Leverages Signal and WhatsApp to Target Ukrainian Defense
CERT-UA reports PLUGGYAPE malware attacks targeting Ukrainian defense forces via Signal and WhatsApp, demonstrating a shift towards encrypted messaging app exploitation.