Researchers identified the first instance of Android malware utilizing generative AI, named “PromptSpy,” which employs Google’s Gemini model for device persistence. ESET researcher Lukas Stefanko reported this novel malware family, with the first variant, VNCSpy, detected in early 2026. Unlike previous Android malware, which only analyzed data, PromptSpy integrates generative AI to achieve its goals.
By leveraging AI, PromptSpy can dynamically adapt its actions, utilizing Android’s Accessibility Service to “pin” itself in the Recent Apps list, enhancing its persistence. The malware functions primarily as spyware, enabling threat actors to monitor device activity, capture screenshots, and intercept lockscreen credentials.
Only limited distribution has been observed so far, but real-world attacks remain possible, particularly through phishing sites impersonating legitimate services. This development highlights the growing trend of AI-enhanced malware, which poses significant challenges to cybersecurity measures. ESET emphasizes the need for vigilance as threat actors exploit generative AI to innovate their attack methods.
