Tuesday , July 14 2026
PromptSpy

PromptSpy: First Android AI Malware Uses Google’s Gemini for Decisions

ESET researchers discover PromptSpy, the first Android malware using generative AI for persistence. This is the first instance of such AI being used in this way. The attackers use prompts directed at Google’s Gemini to manipulate the UI, leading to the name PromptSpy.

The malware can collect lockscreen data, prevent uninstallation, gather device details, take screenshots, record videos of screen activity, and more. This is the second AI-powered malware found by ESET Research, after PromptLock in August 2025, which was the first known AI-driven ransomware.

Meta’s louisiana data center to exceed 250 billion price tag

Meta announced on Monday that its data center in Richland Parish, Louisiana, will grow to 5 gigawatts of computing power....
Read More
Meta’s louisiana data center to exceed 250 billion price tag

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

Daily Cyber security update for 10. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 10. 07. 2026

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

Mycelium Framework: First AI-as-a-Service Botnet

A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn't just get...
Read More
Mycelium Framework: First AI-as-a-Service Botnet

CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use...
Read More
CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company's AI chatbot system....
Read More
Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

This campaign seems financially motivated and mainly targets users in Argentina, based on language clues and analysis findings. However, PromptSpy hasn’t been seen in ESET telemetry, suggesting it might be just a proof of concept.

Generative AI is only used in a small section of PromptSpy’s code, specifically for persistence, but it greatly enhances the malware’s adaptability. Gemini gives instructions on how to pin the malicious app in the recent apps list, making it harder to remove. The AI model and prompts are fixed in the code and cannot be modified.

“Since Android malware often relies on UI-based navigation, leveraging generative AI enables threat actors to adapt to more or less any device, layout, or operation system version, which can greatly increase the pool of potential victims,” says ESET researcher Lukáš Štefanko, who discovered PromptSpy.

“The main purpose of PromptSpy is to deploy a built-in VNC module, giving operators remote access to the victim’s device. This Android malware also abuses Accessibility Services to block uninstallation with invisible overlays, captures lockscreen data, and records screen activity as video. It communicates with its Command & Control server via AES encryption,” adds Štefanko.

PromptSpy is only accessible via its website, not on Google Play. ESET, a partner in the App Defense Alliance, provided their findings to Google. Android users are safeguarded from known versions of this malware by Google Play Protect, which is default-enabled on devices using Google Play Services.

“Even though PromptSpy uses Gemini in just one of its features, it still demonstrates how implementing these tools can make malware more dynamic, giving threat actors ways to automate actions that would normally be more difficult with traditional scripting,” says Štefanko.

With the app’s name being MorganArg and its icon seemingly inspired by Morgan Chase, the malware is likely impersonating the Morgan Chase bank. MorganArg, likely a shorthand for “Morgan Argentina”, also appears as the name of the cached website, suggesting a regional targeting focus.

PromptSpy prevents uninstallation by using invisible elements on the screen, so the victim must reboot their device into Safe Mode to remove it. To enter Safe Mode, users usually press and hold the power button, long press Power off, and confirm the prompt. This may vary by device. After restarting in Safe Mode, users can go to Settings → Apps → MorganArg and uninstall it easily.

For a detailed analysis of PromptSpy, read ESET Research’s latest blog post “PromptSpy ushers in the era of Android threats using GenAI” on WeLiveSecurity.com.

Check Also

CLI

Azure CLI Password Spray Impacts 78 Microsoft Accounts in 81M+ Attempts

Cybersecurity researchers have warned of a “massive, ongoing, automated password spray attack” aimed at Microsoft’s …