
Android Malware Exploits Google Gemini for Stealthy Operations

Android Malware Hijacks Google Gemini to Stay Hidden

ESET researchers have discovered a sophisticated Android malware, named PromptSpy, which leverages generative AI (GenAI) for enhanced persistence. This malware is an evolution of VNCSpy, first detected in January 2026 in Hong Kong. PromptSpy uses a VNC module for remote access, allowing attackers to monitor and control compromised devices. Recent samples were traced to Argentina, where they impersonated a banking application, MorganArg, linked to a spoofed JPMorgan website. By employing Google’s Gemini AI, PromptSpy keeps itself pinned in the recent apps list, which makes it difficult for users to remove. It requests Accessibility Service permissions so that it can interact with the device’s UI. The malware operates over the VNC protocol, enabling various malicious actions, including screen recording and capturing sensitive information. The use of AI marks a troubling evolution in Android malware, showcasing its adaptability across different devices and operating systems.
