Security research and breaking news straight from ESET Research Labs.
#BREAKING #ESETresearch has discovered the first known Android malware to use generative AI in its execution flow; we have named it #PromptSpy. The malware abuses Google’s #Gemini to achieve persistence on the compromised device. https://www.welivesecurity.com/en/eset-research/promptspy-ushers-in-era-android-threats-using-genai/
Gemini is used to analyze the current screen and provide PromptSpy with step-by-step instructions to ensure that the malicious app remains pinned in the recent apps list, preventing it from being easily swiped away or killed by the system.
Since Android malware often relies on hardcoded UI navigation, employing generative AI enables the threat actors to adapt to more or less any device, layout, or OS version, which can greatly increase the number of potential victims.
PromptSpy abuses Accessibility Services to deploy a #VNC module on victim devices, so attackers can see the screen and perform actions remotely. It also blocks the victim from manually uninstalling the malicious app by placing invisible overlays over the relevant UI (marked in red in the screenshot).
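The behaviour described in the last three posts (an enabled Accessibility Service combined with overlay permission on a third-party app) is a combination a defender can triage for from a connected device. The following is an added example written for this thread, not ESET's code or part of the published IoCs: it parses the output of two standard adb commands, `settings get secure enabled_accessibility_services` (colon-separated `package/service` entries) and `appops get <pkg> SYSTEM_ALERT_WINDOW`, and flags non-allowlisted packages that hold both capabilities. The sample command output and the allowlist are constructed for the example.

```python
"""Triage helper: flag third-party apps that combine the two capabilities
the PromptSpy posts describe (Accessibility Service + screen overlays).
Added example; sample adb output below is constructed, not from a real device."""

# Constructed sample of: adb shell settings get secure enabled_accessibility_services
ENABLED_A11Y_RAW = (
    "com.android.talkback/.TalkBackService:"
    "com.example.helper/.AccessService"
)

# Constructed samples of: adb shell appops get <pkg> SYSTEM_ALERT_WINDOW
APPOPS_BY_PKG = {
    "com.android.talkback": "SYSTEM_ALERT_WINDOW: ignore",
    "com.example.helper": "SYSTEM_ALERT_WINDOW: allow; time=+3d2h15m42s ago",
}

# Assumption: an organisation-maintained allowlist of accessibility apps
# (screen readers, MDM agents) that are expected to hold these rights.
KNOWN_GOOD = {"com.android.talkback", "com.google.android.marvin.talkback"}


def parse_enabled_services(raw):
    """Return package names from the colon-separated enabled_accessibility_services value."""
    packages = []
    for entry in raw.strip().split(":"):
        if not entry:
            continue
        package = entry.split("/", 1)[0]  # "pkg/.Service" -> "pkg"
        if package not in packages:
            packages.append(package)
    return packages


def overlay_allowed(appops_line):
    """True when the appops mode for SYSTEM_ALERT_WINDOW is 'allow'.
    Handles 'No operations.' and 'default'/'ignore'/'deny' modes as not allowed."""
    if ":" not in appops_line:
        return False
    mode = appops_line.split(":", 1)[1].strip().split(";", 1)[0].strip()
    return mode == "allow"


def triage(raw_services, appops_by_pkg, allowlist):
    """Flag every enabled accessibility package outside the allowlist.
    Risk is 'high' if the same package can also draw overlays, which is the
    combination PromptSpy uses to hide its uninstall-blocking UI."""
    findings = []
    for package in parse_enabled_services(raw_services):
        if package in allowlist:
            continue
        overlay = overlay_allowed(appops_by_pkg.get(package, "No operations."))
        findings.append({
            "package": package,
            "accessibility": True,
            "overlay": overlay,
            "risk": "high" if overlay else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in triage(ENABLED_A11Y_RAW, APPOPS_BY_PKG, KNOWN_GOOD):
        print(f"{finding['risk'].upper():6} {finding['package']} "
              f"(accessibility=yes, overlay={'yes' if finding['overlay'] else 'no'})")
```

On a real device the two strings would come from `adb shell`; the parsing and allowlist logic are unchanged. A "high" hit is a starting point for manual review (package origin, installer, network destinations), not proof of infection on its own.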
The analyzed samples are available on VirusTotal and appear to be used in a real campaign targeting users in 🇦🇷, though we can’t rule out that they are part of a proof of concept. At the same time, the analyzed samples point toward PromptSpy being developed in a Chinese-speaking environment.
IoCs available in our GitHub repo: https://github.com/eset/malware-ioc