PromptSpy Android Malware Leverages Google Gemini for Adaptive Attacks
Key Takeaways PromptSpy is a novel Android spyware that leverages Google Gemini for real-time adaptive attacks, marking a significant evolution in mobile malware capabilities. The malware functions...
Key Takeaways
- PromptSpy is a novel Android spyware that leverages Google Gemini for real-time adaptive attacks, marking a significant evolution in mobile malware capabilities.
- The malware functions as a remote access trojan, capable of stealing credentials, screenshots, and recording video, with all communications encrypted.
- PromptSpy employs advanced persistence techniques, including invisible overlays, making uninstallation difficult without using Safe Mode.
- Discovered by ESET, this threat was initially distributed via a deceptive banking website, though its real-world prevalence appears limited, suggesting it may still be in an experimental phase.
A sophisticated new Android spyware, dubbed PromptSpy, has been identified as the first known mobile malware to integrate generative artificial intelligence capabilities directly into its runtime execution. This groundbreaking development indicates a potential shift in the landscape of mobile threats, enabling malicious software to adapt its behavior in real-time on infected devices.
Table Of Content
Unlike traditional malware that relies on predefined, hardcoded instructions, PromptSpy dynamically interacts with Google’s Gemini large language model. This interaction allows the malware to intelligently determine how to manipulate a compromised phone’s interface, moving beyond rigid command sets and enabling more versatile and resilient attack strategies.
At its core, PromptSpy operates as a remote access trojan (RAT), designed to exfiltrate sensitive information from targeted Android devices. Its capabilities include capturing lockscreen PINs and passwords, enumerating installed applications, taking screenshots on demand, and covertly recording video. A built-in remote access module grants attackers live control over the device’s screen, with all command-and-control (C2) communications encrypted to evade detection.
Security researchers at ESET uncovered PromptSpy during an investigation into an unrelated AI-powered ransomware variant. Their analysis revealed that the malware was initially disseminated through a fraudulent website impersonating an Argentine banking institution, utilizing a matching application name to enhance its legitimacy and trick users. Despite this deceptive distribution method, ESET’s telemetry suggests that PromptSpy’s real-world deployment has been minimal, indicating it may currently be an experimental proof-of-concept rather than a widespread campaign, as detailed in their report.
However, a confirmed detection of PromptSpy in Ukraine in February 2026 demonstrates that this threat has already begun to move beyond its initial testing grounds. Coupled with forensic evidence pointing to a Chinese-speaking development team, this incident underscores the rapid global proliferation potential of advanced malware once it is packaged and released online. ESET emphasized in a report shared with Cyber Security News (CSN) that this discovery contributes to a growing trend of AI integration across various malicious tools and platforms.
PromptSpy Android Malware Uses Google Gemini
A key innovation distinguishing PromptSpy is its method for maintaining persistence on a device. The malware aims to “pin” itself within the list of recently used applications, preventing users from easily force-closing or swiping it away. Automating such a gesture across the diverse array of Android devices and OS versions typically presents a significant technical challenge for malware developers.
PromptSpy circumvents this complexity by sending a detailed representation of the current screen to Google Gemini. This data includes visible text, button types, and their precise coordinates. Gemini then processes this information and returns a set of instructions detailing the specific gestures required to achieve the desired action, such as pinning the application.

PromptSpy executes these gestures using Android’s accessibility services. It then re-evaluates the updated screen state and iteratively repeats the process until the application is successfully locked into place. This dynamic interaction allows the malware to adapt to varying UI layouts, making it highly effective across different Android environments.
Persistence Tricks and Removal Advice
Beyond its AI-driven adaptability, PromptSpy employs additional tactics to resist uninstallation. It exploits accessibility permissions to superimpose invisible overlays directly over the “Stop” and “Uninstall” buttons within the app settings menu. This renders these critical buttons unresponsive to user taps, effectively preventing direct removal.

ESET researchers note that due to these persistence mechanisms, PromptSpy can typically only be removed by booting the Android device into Safe Mode. This mode disables third-party applications and bypasses the malware’s accessibility-based interference. Further research from Google’s Threat Intelligence Group indicates that PromptSpy’s AI component is designed for broader screen navigation, and its attackers can remotely update various malware elements, including its Gemini API keys, through its command and control infrastructure.
ESET highlights that while PromptSpy’s current application of AI is specific, it heralds a future where malicious software may leverage generative models for dynamic adaptation, reducing reliance on static, hardcoded logic and making such threats significantly more challenging to detect and mitigate.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.