In February 2026, ESET researchers unveiled PromptSpy, the first Android malware to exploit Google’s Gemini AI for persistent access on devices. The malware captures lockscreen data, blocks uninstallation attempts, and records screen activity, marking a significant advancement in AI-assisted mobile threats. Unlike traditional malware, PromptSpy uses Gemini to adapt to various Android versions: it sends screen data to the model and receives targeted tap instructions in return, which also enhances its evasion techniques. It primarily targets users in Argentina, uses a VNC module for remote control, and communicates via encrypted channels. Users can fall victim through malicious websites masquerading as trusted services. The malware’s ability to circumvent removal through Accessibility Services makes it particularly dangerous. This threat highlights the potential misuse of generative AI in malware development and underscores the urgent need for robust cybersecurity measures: as PromptSpy shows, AI can make malware more dynamic.
