Friday, February 20, 2026

Android Malware Utilizes Gemini AI to Outsmart Detection Mechanisms

ESET researchers uncovered PromptSpy, the first Android malware to incorporate generative AI, marking an evolution in mobile threats through context-aware UI manipulation. Targeting users in Argentina, it uses Google’s Gemini to analyze screen layouts and execute commands that keep it persistent in the recent apps list, complicating removal efforts.

PromptSpy, an evolution of the AI-powered ransomware PromptLock, uses Accessibility Services to request permissions for automated interactions. The malware communicates with a command-and-control server using AES encryption and can capture sensitive data via VNC access, making it a serious threat for financial fraud.

PromptSpy is distributed through phishing websites masquerading as Chase Bank. Its automation is dynamic: instead of the fixed screen coordinates that traditional malware relies on, it uses natural language prompts. It also embeds anti-removal features that complicate uninstallation without safe mode access. Currently, it appears to be primarily a proof of concept, but it poses a challenge for traditional detection methods that rely on established malicious behavior patterns.

For increased safety, users should remain vigilant and employ robust cybersecurity measures.
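A defensive audit that follows from two traits described above (distribution through phishing websites and reliance on Accessibility Services), added here as an example and not taken from ESET or the original article: it parses the text output of three adb commands and lists non-system packages that hold an enabled accessibility service but were not installed by Google Play. The sample strings and `com.example.*` package names are constructed, and treating Google Play as the only trusted installer is an assumption.

```python
# Added example. Inputs are the raw text of three adb commands:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i      (package + installer)
#   adb shell pm list packages -s      (system packages only)
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted

def enabled_service_packages(value):
    """Packages named in the colon-separated 'package/ServiceClass' list."""
    value = value.strip()
    if not value or value == "null":      # setting unset: no services enabled
        return set()
    return {c.split("/", 1)[0] for c in value.split(":") if "/" in c}

def package_installers(listing):
    """Map package -> installer (None when the device reports 'installer=null')."""
    result = {}
    for line in listing.splitlines():
        fields = line.split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field[len("installer="):]
        result[fields[0][len("package:"):]] = installer
    return result

def sideloaded_accessibility_apps(services, installers_listing, system_listing):
    """Non-system packages with an enabled accessibility service and no trusted installer."""
    installers = package_installers(installers_listing)
    system = set(package_installers(system_listing))
    return sorted(pkg for pkg in enabled_service_packages(services)
                  if pkg not in system and installers.get(pkg) not in TRUSTED_INSTALLERS)

# Constructed sample data (not from a real device; com.example.* names are hypothetical).
SERVICES = ("com.google.android.marvin.talkback/.TalkBackService:"
            "com.example.updater/com.example.updater.HelperService")
INSTALLERS = """package:com.google.android.marvin.talkback  installer=null
package:com.example.updater  installer=null
package:com.example.notes  installer=com.android.vending"""
SYSTEM = "package:com.google.android.marvin.talkback"

if __name__ == "__main__":
    for pkg in sideloaded_accessibility_apps(SERVICES, INSTALLERS, SYSTEM):
        print("review:", pkg)
```

A flagged package is a lead for manual review rather than a verdict, since legitimately sideloaded accessibility tools produce the same result.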
