AI-Powered Android Malware: Gemini Used for Device Control | ESET PromptSpy

by Sophie Lin - Technology Editor

A modern era of mobile malware has begun, with the discovery of “PromptSpy,” the first known Android threat to leverage the power of generative artificial intelligence in its execution. Developed by cybercriminals, PromptSpy utilizes Google’s Gemini AI model to maintain a persistent foothold on compromised devices, granting attackers extensive control. The emergence of PromptSpy signals a significant escalation in sophistication, moving beyond traditional malware tactics and into the realm of AI-assisted attacks.

The malware disguises itself as a fraudulent banking application named “MorganArg,” according to research from ESET, a European cybersecurity firm. Once installed, it requests a broad range of permissions, and upon granting these, gains near-complete control over the device’s functions. This includes the ability to monitor the screen in real-time, read messages, initiate financial transactions, and steal sensitive credentials. This level of access effectively gives attackers a remote control over the victim’s digital life.

How PromptSpy Exploits Gemini AI

What sets PromptSpy apart is its innovative use of artificial intelligence. Instead of relying on pre-programmed instructions, the malware sends screenshots of the current phone display to Gemini. The AI then analyzes the screen, much like a human user would, and provides the malware with step-by-step instructions on how to navigate the user interface. This dynamic approach allows PromptSpy to adapt to different Android versions and a wide variety of devices, making it significantly more resilient than traditional malware. According to ESET’s research, this is the second AI-powered malware they have discovered, following PromptLock, the first known AI-driven ransomware, in August 2025.

This adaptability is a game-changer. “Leveraging generative AI enables the threat actors to adapt to more or less any device, layout, or OS version, which can greatly expand the pool of potential victims,” ESET researchers noted in their analysis. The AI model and prompts are pre-defined within the malware’s code and cannot be altered by the user, but the core functionality of interpreting the screen and responding dynamically remains.

Targeting and Technical Details

While the campaign appears financially motivated, initial analysis suggests a potential connection to Chinese-speaking actors. The malicious application has not been found in official app stores like Google Play, indicating distribution through alternative channels. PromptSpy also employs techniques to hinder removal, utilizing invisible layers to disable critical keys and making it difficult to uninstall. Security researchers describe this as giving attackers control of the phone “as if they were holding it physically.”

The malware’s primary function is to deploy a built-in Virtual Network Computing (VNC) module, providing operators with remote access to the victim’s device. This allows them to see the screen and perform actions as if they were physically using the phone. ESET’s analysis details the malware’s capabilities, including capturing lock screen data, blocking uninstallation attempts, gathering device information, taking screenshots, and recording screen activity as video. ESET’s full report provides a detailed technical breakdown of PromptSpy’s functionality.

Protecting Yourself from AI-Powered Malware

Experts recommend several steps to mitigate the risk of infection. Users should only download applications from trusted sources, particularly the Google Play Store. Caution should be exercised when granting broad permissions, such as access to accessibility services, as these can be exploited for malicious purposes. Regular system updates are also crucial, as they often include security patches that address vulnerabilities. Security Affairs highlights the importance of these preventative measures.

If you suspect your device has been compromised, booting into safe mode can often allow you to uninstall the malicious application. Devices with Google Play Protect enabled benefit from an additional layer of security, as it can detect and remove known malware variants. SecurityWeek reports that Google Play Protect is effective in identifying known versions of the malware.
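As an added triage example (not part of the article or ESET’s research), the check below combines the two warning signs the recommendations above single out: an app that holds accessibility-service access and was not installed from Google Play. It assumes the output formats of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`; the sample output embedded here is constructed, and the package names in it are placeholders.

```python
"""Flag apps with an enabled accessibility service that did not come from Google Play.

Assumed input: the text produced by
  adb shell settings get secure enabled_accessibility_services
  adb shell pm list packages -i
The constructed sample below stands in for real device output.
"""

PLAY_STORE_INSTALLER = "com.android.vending"  # installer id of Google Play

# Constructed sample: a legitimate screen reader from Play plus a sideloaded app.
ENABLED_SERVICES = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.fakebank/com.example.fakebank.ScreenReaderService"
)
PACKAGES_WITH_INSTALLER = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.fakebank  installer=null
package:com.example.messenger  installer=com.android.vending
"""


def parse_enabled_services(raw):
    """Return the package names owning an enabled accessibility service.

    The setting is a colon-separated list of 'package/ServiceClass' entries,
    or 'null' / empty when nothing is enabled.
    """
    raw = raw.strip()
    if not raw or raw == "null":
        return set()
    return {entry.split("/", 1)[0] for entry in raw.split(":") if entry}


def parse_installers(raw):
    """Map package name -> installer package from 'pm list packages -i' output."""
    installers = {}
    for line in raw.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        pkg = fields[0]
        installer = "unknown"
        if len(fields) > 1 and fields[1].startswith("installer="):
            installer = fields[1][len("installer="):]
        installers[pkg] = installer
    return installers


def flag_sideloaded_accessibility_apps(services_raw, packages_raw):
    """List (package, installer) for accessibility-enabled apps not installed via Play."""
    installers = parse_installers(packages_raw)
    return [
        (pkg, installers.get(pkg, "unknown"))
        for pkg in sorted(parse_enabled_services(services_raw))
        if installers.get(pkg, "unknown") != PLAY_STORE_INSTALLER
    ]


if __name__ == "__main__":
    for pkg, inst in flag_sideloaded_accessibility_apps(ENABLED_SERVICES, PACKAGES_WITH_INSTALLER):
        print(f"REVIEW: {pkg} holds accessibility access, installer={inst}")
```

A flagged entry is a lead for review, not a verdict: legitimate accessibility tools installed from other stores will also appear.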

The development of PromptSpy represents a significant shift in the threat landscape. As AI technology continues to advance, it is likely that cybercriminals will increasingly leverage its capabilities to create more sophisticated and evasive malware. Staying informed about these emerging threats and adopting proactive security measures is essential for protecting your digital life.

What comes next will depend on how quickly security firms and Google can respond to this new class of threat. Continued research into AI-powered malware and the development of effective detection and prevention techniques will be critical in the ongoing battle against cybercrime. Share your thoughts and experiences in the comments below.
