Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
APT-C-20 Hackers Use PNG Images to Deliver Fileless C# Backdoor
July 8, 2026
PromptSpy Android Malware Leverages Google Gemini for Adaptive Attacks
July 8, 2026
ClickFix Phishing Campaign Targets Mexican Bank Customers With Fake Google Verification
July 8, 2026
Home/Threats/PromptSpy Android Malware Leverages Google Gemini for Adaptive Attacks
Threats

PromptSpy Android Malware Leverages Google Gemini for Adaptive Attacks

Key Takeaways PromptSpy is a novel Android spyware that leverages Google Gemini for real-time adaptive attacks, marking a significant evolution in mobile malware capabilities. The malware functions...

Jennifer sherman
Jennifer sherman
July 8, 2026 4 Min Read
4 0

Key Takeaways

  • PromptSpy is a novel Android spyware that leverages Google Gemini for real-time adaptive attacks, marking a significant evolution in mobile malware capabilities.
  • The malware functions as a remote access trojan, capable of stealing credentials, screenshots, and recording video, with all communications encrypted.
  • PromptSpy employs advanced persistence techniques, including invisible overlays, making uninstallation difficult without using Safe Mode.
  • Discovered by ESET, this threat was initially distributed via a deceptive banking website, though its real-world prevalence appears limited, suggesting it may still be in an experimental phase.

A sophisticated new Android spyware, dubbed PromptSpy, has been identified as the first known mobile malware to integrate generative artificial intelligence capabilities directly into its runtime execution. This groundbreaking development indicates a potential shift in the landscape of mobile threats, enabling malicious software to adapt its behavior in real-time on infected devices.

Table Of Content

  • Key Takeaways
  • PromptSpy Android Malware Uses Google Gemini
  • Persistence Tricks and Removal Advice

Unlike traditional malware that relies on predefined, hardcoded instructions, PromptSpy dynamically interacts with Google’s Gemini large language model. This interaction allows the malware to intelligently determine how to manipulate a compromised phone’s interface, moving beyond rigid command sets and enabling more versatile and resilient attack strategies.

At its core, PromptSpy operates as a remote access trojan (RAT), designed to exfiltrate sensitive information from targeted Android devices. Its capabilities include capturing lockscreen PINs and passwords, enumerating installed applications, taking screenshots on demand, and covertly recording video. A built-in remote access module grants attackers live control over the device’s screen, with all command-and-control (C2) communications encrypted to evade detection.

Security researchers at ESET uncovered PromptSpy during an investigation into an unrelated AI-powered ransomware variant. Their analysis revealed that the malware was initially disseminated through a fraudulent website impersonating an Argentine banking institution, utilizing a matching application name to enhance its legitimacy and trick users. Despite this deceptive distribution method, ESET’s telemetry suggests that PromptSpy’s real-world deployment has been minimal, indicating it may currently be an experimental proof-of-concept rather than a widespread campaign, as detailed in their report.

However, a confirmed detection of PromptSpy in Ukraine in February 2026 demonstrates that this threat has already begun to move beyond its initial testing grounds. Coupled with forensic evidence pointing to a Chinese-speaking development team, this incident underscores the rapid global proliferation potential of advanced malware once it is packaged and released online. ESET emphasized in a report shared with Cyber Security News (CSN) that this discovery contributes to a growing trend of AI integration across various malicious tools and platforms.

PromptSpy Android Malware Uses Google Gemini

A key innovation distinguishing PromptSpy is its method for maintaining persistence on a device. The malware aims to “pin” itself within the list of recently used applications, preventing users from easily force-closing or swiping it away. Automating such a gesture across the diverse array of Android devices and OS versions typically presents a significant technical challenge for malware developers.

PromptSpy circumvents this complexity by sending a detailed representation of the current screen to Google Gemini. This data includes visible text, button types, and their precise coordinates. Gemini then processes this information and returns a set of instructions detailing the specific gestures required to achieve the desired action, such as pinning the application.

PromptSpy’s execution flow (Source - ESET)
PromptSpy’s execution flow (Source – ESET)

PromptSpy executes these gestures using Android’s accessibility services. It then re-evaluates the updated screen state and iteratively repeats the process until the application is successfully locked into place. This dynamic interaction allows the malware to adapt to varying UI layouts, making it highly effective across different Android environments.

Persistence Tricks and Removal Advice

Beyond its AI-driven adaptability, PromptSpy employs additional tactics to resist uninstallation. It exploits accessibility permissions to superimpose invisible overlays directly over the “Stop” and “Uninstall” buttons within the app settings menu. This renders these critical buttons unresponsive to user taps, effectively preventing direct removal.

High-level scheme of the BYOVD technique (Source - ESET)
High-level scheme of the BYOVD technique (Source – ESET)

ESET researchers note that due to these persistence mechanisms, PromptSpy can typically only be removed by booting the Android device into Safe Mode. This mode disables third-party applications and bypasses the malware’s accessibility-based interference. Further research from Google’s Threat Intelligence Group indicates that PromptSpy’s AI component is designed for broader screen navigation, and its attackers can remotely update various malware elements, including its Gemini API keys, through its command and control infrastructure.

ESET highlights that while PromptSpy’s current application of AI is specific, it heralds a future where malicious software may leverage generative models for dynamic adaptation, reducing reliance on static, hardcoded logic and making such threats significantly more challenging to detect and mitigate.

Type Indicator Description
Domain mgardownload[.]com Website used to distribute the PromptSpy malware, offline at time of analysis
File name MorganArg / MorganArgs App name used by PromptSpy to impersonate a JPMorgan Chase Argentina branch app

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackMalwareransomwareSecurityThreat

Share Article

Jennifer sherman

Jennifer sherman

Jennifer is a cybersecurity news reporter covering data breaches, ransomware campaigns, and dark web markets. With a background in incident response, Jennifer provides unique insights into how organizations respond to cyber attacks and the evolving tactics of threat actors. Her reporting has covered major breaches affecting millions of users and has helped organizations understand emerging threats. Jennifer combines technical knowledge with investigative journalism to deliver in-depth coverage of cybersecurity incidents.

Previous Post

ClickFix Phishing Campaign Targets Mexican Bank Customers With Fake Google Verification

Next Post

APT-C-20 Hackers Use PNG Images to Deliver Fileless C# Backdoor

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
DuckDuckGo Browser Uses Community Filter Lists to Block YouTube Ads
July 8, 2026
Critical RCE Flaw in Claude Desktop App Lets Attackers Execute Remote Code
July 8, 2026
CrowdStrike Reveals 5 New AI Prompt Injection Techniques
July 8, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
David kimber
David kimber
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us