- PromptSpy malware uses Gemini to automate its persistence
- Malware blocks removal through AI-guided interface control
- Gemini interprets screen data and returns actionable gestures
Security experts have revealed new findings about PromptSpy, an Android malware whose code contains a hard-coded prompt and AI configuration that cannot be changed at runtime.
The malware uses Google’s Gemini to interpret on-screen elements and provide step-by-step instructions for interacting with the user interface.
By sending XML snapshots of the device's screen to Gemini, PromptSpy receives the precise gestures, taps, and swipes needed to keep itself pinned to the recent apps list.
Persistence through AI-guided interface interaction
New information from ESET researchers describes this as the first known case of Android malware that uses generative AI in its execution flow.
The PromptSpy infection chain begins with a dropper app that shows a fake Spanish-language update screen and urges the user to install the payload.
Once installed, the payload requests Accessibility Service permission, which lets the malware capture detailed user-interface information and perform automated interactions.
Using this data, PromptSpy continuously communicates with Gemini, sending XML snapshots of the screen and receiving step-by-step instructions to keep itself locked to the recent apps list.
Transparent overlays placed over the uninstall or stop buttons prevent normal removal; users must boot into Safe Mode to uninstall the app.
The malware also contains a VNC module that lets operators remotely monitor devices and interact with the interface; with it they can intercept lock-screen credentials, record user gestures, take screenshots, and capture video of device activity.
Communication with the command and control server is AES-encrypted, and it is over this channel that the malware receives the Gemini API keys it uses.
A portion of the code uses generative AI to interpret UI scenarios and provide step-by-step instructions to maintain persistence.
Localization details indicate that PromptSpy was developed in a Chinese-speaking environment; however, its distribution appears to target Spanish-speaking users in South America, specifically Argentina.
The malware is not available on Google Play, and Google Play Protect detects known versions.
In summary, PromptSpy requests Accessibility Service permission, captures the device's UI context, and performs actions in the background without user intervention.
It locks itself onto the recent apps list using instructions from Gemini and overlays transparent elements on the uninstall buttons to block its removal.
Its connection to the encrypted command and control server is the point at which firewalls or network monitoring can observe or block it.
The dropper application uses a fake update screen in Spanish to prompt installation of the payload.
Once started, PromptSpy contacts its encrypted command and control server to receive instructions, including Gemini API keys.
The malware captures XML snapshots of the device's screen and sends them to Gemini, which returns instructions in JSON format that the malware executes to maintain persistence.
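To make the snapshot-to-gesture loop described above concrete, here is an added example that is not PromptSpy's code and not ESET's analysis. It simulates one cycle offline: a constructed uiautomator-style XML dump of an "App info" screen is reduced to its clickable elements, turned into a prompt, and a constructed JSON reply (standing in for what a model might return; no API call is made) is validated and mapped back onto the screen. The XML layout, the prompt wording, the `{"actions": [...]}` schema, the 1080x2400 resolution and every function name are assumptions of this example, not details reported about the malware.

```python
"""Simulated screen-snapshot -> JSON-gesture cycle (hypothetical reconstruction,
not PromptSpy's code). All formats and values below are assumptions."""
import json
import xml.etree.ElementTree as ET

SCREEN_W, SCREEN_H = 1080, 2400  # assumed device resolution

# Constructed uiautomator-style dump of a Spanish "App info" screen (sample input).
SNAPSHOT_XML = """<?xml version="1.0" encoding="UTF-8"?>
<hierarchy rotation="0">
  <node class="android.widget.TextView" text="Actualizacion del sistema" clickable="false" bounds="[60,300][1020,380]"/>
  <node class="android.widget.Button" text="Desinstalar" resource-id="com.android.settings:id/button1" clickable="true" bounds="[60,2100][520,2250]"/>
  <node class="android.widget.Button" text="Forzar detencion" resource-id="com.android.settings:id/button2" clickable="true" bounds="[560,2100][1020,2250]"/>
</hierarchy>"""

# Constructed model reply (hypothetical schema). Two entries are deliberately bad:
# one tap is off-screen and one action type is unknown; both must be rejected.
MODEL_REPLY = json.dumps({"actions": [
    {"type": "swipe", "x1": 540, "y1": 2000, "x2": 540, "y2": 600},
    {"type": "tap", "x": 290, "y": 2175},
    {"type": "tap", "x": 5000, "y": 5000},
    {"type": "reboot"},
]})


def parse_bounds(s):
    """'[x1,y1][x2,y2]' -> (x1, y1, x2, y2)."""
    a, b = s.strip("[]").split("][")
    x1, y1 = map(int, a.split(","))
    x2, y2 = map(int, b.split(","))
    return x1, y1, x2, y2


def snapshot_to_nodes(xml_text):
    """Reduce the accessibility XML tree to the clickable elements a model is asked about."""
    root = ET.fromstring(xml_text)
    return [
        {"text": n.get("text", ""), "id": n.get("resource-id", ""),
         "bounds": parse_bounds(n.get("bounds"))}
        for n in root.iter("node") if n.get("clickable") == "true"
    ]


def build_prompt(nodes, goal):
    """Hypothetical prompt: the goal plus a compact, indexed list of clickable nodes."""
    lines = [f"Goal: {goal}", "Clickable elements:"]
    for i, n in enumerate(nodes):
        x1, y1, x2, y2 = n["bounds"]
        lines.append(f'{i}: "{n["text"]}" id={n["id"]} bounds={x1},{y1},{x2},{y2}')
    lines.append('Reply with JSON: {"actions":[{"type":"tap","x":..,"y":..} or '
                 '{"type":"swipe","x1":..,"y1":..,"x2":..,"y2":..}]}')
    return "\n".join(lines)


def parse_actions(reply, screen=(SCREEN_W, SCREEN_H)):
    """Validate a model reply: keep only well-formed, on-screen tap/swipe actions.
    Malformed JSON, unknown types and off-screen coordinates are dropped."""
    try:
        data = json.loads(reply)
    except json.JSONDecodeError:
        return []
    w, h = screen

    def on_screen(x, y):
        return 0 <= x < w and 0 <= y < h

    valid = []
    for a in (data.get("actions", []) if isinstance(data, dict) else []):
        if not isinstance(a, dict):
            continue
        try:
            if a.get("type") == "tap" and on_screen(int(a["x"]), int(a["y"])):
                valid.append({"type": "tap", "x": int(a["x"]), "y": int(a["y"])})
            elif (a.get("type") == "swipe" and on_screen(int(a["x1"]), int(a["y1"]))
                  and on_screen(int(a["x2"]), int(a["y2"]))):
                valid.append({"type": "swipe", "x1": int(a["x1"]), "y1": int(a["y1"]),
                              "x2": int(a["x2"]), "y2": int(a["y2"])})
        except (KeyError, TypeError, ValueError):
            continue  # missing or non-numeric coordinates
    return valid


def tap_target(action, nodes):
    """Text of the clickable node a tap lands on, or None (swipes map to no node)."""
    if action.get("type") != "tap":
        return None
    for n in nodes:
        x1, y1, x2, y2 = n["bounds"]
        if x1 <= action["x"] <= x2 and y1 <= action["y"] <= y2:
            return n["text"]
    return None


def run_cycle(xml_text, reply, goal="Keep this app in the recent apps list"):
    """One full cycle: snapshot -> prompt, reply -> validated actions -> UI targets."""
    nodes = snapshot_to_nodes(xml_text)
    actions = parse_actions(reply)
    return {"prompt": build_prompt(nodes, goal), "actions": actions,
            "targets": [tap_target(a, nodes) for a in actions]}


if __name__ == "__main__":
    result = run_cycle(SNAPSHOT_XML, MODEL_REPLY)
    print(result["prompt"])
    for a, t in zip(result["actions"], result["targets"]):
        print(a, "->", t)
```

The same two parsing steps are useful on the defensive side: an analyst who recovers the decrypted request and reply from a sample can feed the captured XML to `snapshot_to_nodes` and the captured JSON to `parse_actions` and `tap_target` to see exactly which on-screen control the model told the malware to press, and the fixed prompt text that the article says is hard-coded is a static string a detection rule can key on.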