PromptSpy is the first known Android malware to use generative AI at runtime
Key Points:
- Researchers have identified "PromptSpy," the first known Android malware to integrate generative AI, specifically Google's Gemini model, to adapt its persistence mechanisms across different devices.
- PromptSpy uses Gemini to analyze the device's UI and generate instructions to lock or pin the malware app in the Recent Apps list, preventing Android from terminating it and thus maintaining persistence.
- The malware functions primarily as spyware with capabilities including remote device access via a built-in VNC module, capturing screen activity, intercepting lockscreen credentials, and blocking uninstallation attempts through deceptive UI overlays.
- It remains unclear whether PromptSpy is an active threat or a proof-of-concept, as ESET has not detected it in its telemetry; however, evidence of its distribution through fake banking sites