PromptSpy: First Android Malware to Use Gemini AI for Automated Attacks

The first malware that thinks with AI

Cybersecurity firm ESET has discovered what it considers a concerning milestone in the evolution of mobile malware: PromptSpy, the first Android trojan that uses Google Gemini, the generative AI chatbot, as part of its runtime execution flow.

Unlike traditional malware that follows pre-programmed instructions, PromptSpy queries Gemini AI to analyze the infected device screen and receive step-by-step instructions on how to stay active, prevent the user from closing it, and block its own uninstallation.

How PromptSpy works

The malware is distributed disguised as a legitimate banking application called MorganArg, which impersonates JPMorgan Chase. Once installed, PromptSpy activates multiple malicious capabilities that make it a serious threat to any Android user.

Its core functions include capturing lock screen data, blocking uninstallation attempts, gathering device information, taking screenshots, and recording screen activity as video. It also enables full remote device control via VNC, giving attackers complete access to the infected phone.

How Gemini AI powers the attack

What makes PromptSpy unique is how it leverages artificial intelligence. The malware sends screenshots of the current screen to Gemini and asks for instructions on how to keep itself pinned in the recent apps list. Gemini processes this information and responds with JSON instructions that tell the malware exactly what action to perform and where to tap on the screen.

This approach allows the malware to adapt to different Android versions and device configurations without manual updates from the attackers. The AI solves compatibility issues in real time, making the malware significantly more resilient than traditional variants.

Who is at risk

According to ESET analysis, the campaign appears to primarily target users in Argentina, based on language localization clues and observed distribution vectors. However, the technique could easily be replicated to target users in any country worldwide.

So far, PromptSpy has not been detected in ESET telemetry, suggesting it may be a proof of concept. However, its existence demonstrates that cybercriminals are already actively exploring the use of generative AI to enhance their attacks.

How to protect yourself

To protect against threats like PromptSpy, experts recommend installing apps only from the Google Play Store and never from links sent via SMS or email. Keep your device updated with the latest security patches and use a reliable Android antivirus solution.

If you suspect your device is infected, restart the device in safe mode, review the installed applications, and remove any you do not recognize. In severe cases, a factory reset is the safest option to eliminate any trace of the malware from your device.

What this means for the future

PromptSpy marks the beginning of a new era in mobile malware. If attackers can use generative AI to make their malware automatically adapt to any device, traditional signature-based defenses will become obsolete faster than expected. The race between attackers and defenders just accelerated significantly, and the security industry must adapt its strategies accordingly.

Written by
Jesús García

Passionate about technology and personal finance. I write about innovation, artificial intelligence, investing, and strategies to improve your finances. My goal is to make complex topics accessible to everyone.
