A new Android malware strain, dubbed PromptSpy by researchers at ESET, is making headlines for its innovative use of generative artificial intelligence. This marks the first known instance of malware for Android utilizing AI in its execution flow, specifically leveraging Google’s Gemini to adapt to different device interfaces and maintain persistence. The campaign appears to be financially motivated and is currently targeting users in Argentina, distributing the malware disguised as a banking application called MorganArg.
PromptSpy’s unique approach sets it apart from traditional Android malware, which often relies on hard-coded commands that can fail across varying Android versions or manufacturer customizations. Instead, the malware transmits screenshots of the device’s screen to Gemini, prompting the AI to analyze the interface and provide step-by-step instructions for actions like preventing uninstallation or bypassing security prompts. This adaptability significantly increases the malware’s robustness and potential reach, according to ESET’s research.
How PromptSpy Operates
The core function of PromptSpy extends beyond its AI-driven persistence mechanism. Once installed, the malware establishes a Virtual Network Computing (VNC) module, granting attackers remote access to the compromised device. This allows them to view the screen, intercept data, and perform actions as if they were physically using the device. Researchers have confirmed PromptSpy is capable of capturing lock screen data, blocking attempts to uninstall the application, gathering device information, taking screenshots, and recording screen activity as video. This is the second AI-powered malware discovered by ESET Research, following PromptLock in August 2025, which was the first identified case of AI-driven ransomware.
“The use of generative AI allows threat actors to adapt to practically any device, layout, or OS version, which can greatly expand the pool of potential victims,” explains Lukáš Štefanko, a researcher at ESET who discovered PromptSpy. “The main goal of this malware is to implement an integrated VNC module, which gives operators remote access to the victim’s device.”
Distribution and Targeting
PromptSpy is distributed through a specific website and has not been found on the Google Play Store. ESET, as a partner in the App Defense Alliance, shared its findings with Google, and users are now protected against known versions of the malware by Google Play Protect, which is enabled by default on Android devices with Google Play Services. The malware disguises itself as a banking app, mimicking the appearance of Morgan Chase, and the name “MorganArg” suggests a regional focus on Argentina. ESET’s full report details the technical aspects of the malware and its operation.
To prevent uninstallation, PromptSpy employs invisible or overlapping UI elements, making it challenging for users to remove the app through standard methods. The only reliable way to remove PromptSpy is to restart the device in safe mode, where third-party applications are disabled, allowing for uninstallation. The process for entering safe mode varies depending on the device manufacturer, but generally involves holding the power button, then pressing and holding the “Power off” option, and confirming the “Reboot to safe mode” message.
Implications and Future Threats
While Gemini is currently used in a limited capacity within PromptSpy – primarily for achieving persistence – its integration demonstrates the potential for AI to significantly enhance malware capabilities. Štefanko notes that this implementation shows how AI tools can make malware more dynamic, automating actions that would traditionally be more complex to achieve with conventional scripting. The Hacker News also reported on the malware’s innovative use of AI.
The emergence of PromptSpy signals a potential shift in the threat landscape, where AI is no longer simply a support tool for malware developers but a central control element. As AI technology continues to evolve, it is likely that we will see more sophisticated and adaptable malware strains emerge, requiring ongoing vigilance and innovation in cybersecurity defenses. Cybersecurity Now provides further context on the threat.
The ongoing development of AI-powered malware underscores the importance of proactive security measures, including keeping devices updated with the latest security patches, being cautious when installing applications from unknown sources, and utilizing robust mobile security solutions. What comes next will likely involve a continued arms race between security researchers and threat actors, as both sides leverage AI to enhance their capabilities.