New Threat Abuses Google’s Gemini to Navigate Device UI, Achieving Unprecedented Persistence and Remote Control

ESET Research has identified a groundbreaking evolution in mobile threats: PromptSpy. This is the first known Android malware to integrate Generative AI directly into its execution flow. By leveraging AI to interpret on-screen elements, PromptSpy can dynamically adapt to different device layouts, making it one of the most resilient mobile threats discovered to date.
While the malware’s primary goal is data theft, it uses Google’s Gemini for a specific, sophisticated task: UI Manipulation for Persistence.
- Dynamic Instructions: The malware prompts Gemini to interpret the device’s unique Recent Apps screen.
- The AI provides step-by-step instructions on how to lock or pin the malicious app, preventing the user or the system from swiping it away.
- By using AI instead of rigid scripts, the malware can bypass the layout differences between various Android manufacturers (Samsung, Google, Xiaomi, etc.).
The AI component is just the navigator. The actual payload is a powerful Virtual Network Computing (VNC) module that grants attackers full remote access. Key capabilities include:
- Screen Recording: Capturing activity as video and taking screenshots.
- Data Exfiltration: Gathering device info and lockscreen data.
- Anti-Uninstallation: Abusing Accessibility Services to create invisible overlays that block the user from deleting the app.
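The anti-uninstallation trick above depends on the app having been granted an Accessibility Service, which is visible to an analyst over ADB. The following triage helper is an added example for this post, not ESET’s or the malware author’s code: it parses the device’s `enabled_accessibility_services` secure setting and flags any service not on an assumed organisation allowlist (the TalkBack entry and the sample package name are constructed placeholders).

```python
"""Triage helper: list Android accessibility services enabled on a device and
flag any not on a known-good allowlist. Added example; not ESET code.
The parser runs offline; live_check() needs adb on PATH and USB debugging."""
import subprocess
from typing import List, Optional, Tuple

# Assumption: an organisation-specific allowlist of expected accessibility
# services (TalkBack is used here purely as an illustrative known-good entry).
KNOWN_GOOD = {
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService",
}


def parse_enabled_services(raw: str) -> List[Tuple[str, str]]:
    """Parse the colon-separated 'enabled_accessibility_services' value into
    (package, service_class) pairs. '/.Foo' is shorthand for '<package>.Foo'.
    An unset setting is reported by 'settings get' as 'null' and yields []."""
    pairs = []
    for entry in raw.strip().split(":"):
        if not entry or "/" not in entry:
            continue
        pkg, cls = entry.split("/", 1)
        if cls.startswith("."):
            cls = pkg + cls
        pairs.append((pkg, cls))
    return pairs


def flag_unexpected(raw: str, allowlist=KNOWN_GOOD) -> List[str]:
    """Return flattened component names of enabled services outside the allowlist.
    A fake banking app holding accessibility access is the kind of finding a
    PromptSpy-style install would produce."""
    return [f"{p}/{c}" for p, c in parse_enabled_services(raw)
            if f"{p}/{c}" not in allowlist]


def adb_secure_setting(key: str, serial: Optional[str] = None) -> str:
    """Read one Settings.Secure key via 'adb shell settings get secure <key>'."""
    cmd = ["adb"] + (["-s", serial] if serial else [])
    cmd += ["shell", "settings", "get", "secure", key]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout.strip()


def live_check(serial: Optional[str] = None) -> Tuple[bool, List[str]]:
    """(accessibility framework enabled?, unexpected enabled services) for a device."""
    enabled = adb_secure_setting("accessibility_enabled", serial) == "1"
    return enabled, flag_unexpected(adb_secure_setting("enabled_accessibility_services", serial))


if __name__ == "__main__":
    # Constructed sample: TalkBack plus a service under a look-alike banking package.
    SAMPLE = (
        "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
        "com.example.morganarg/.AccessService"
    )
    print(flag_unexpected(SAMPLE))
```

On a real device, run `live_check()` and investigate any flagged package before attempting removal, since such an app may use overlays to obstruct the uninstall screen.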
“Leveraging generative AI enables threat actors to adapt to more or less any device layout or OS version, which can greatly increase the pool of potential victims.” — Lukáš Štefanko, ESET Researcher.
The malware, disguised as MorganArg (impersonating Morgan Chase Argentina), is currently distributed via a dedicated website rather than Google Play. While it appears to be a sophisticated Proof of Concept targeting Argentina, its existence proves that the AI malware era has officially arrived.