PromptSpy uses GenAI to persist on Android via AI-guided UI manipulation

TL;DR Summary
ESET researchers uncovered PromptSpy, the first known Android malware to use generative AI (Google Gemini) to drive UI-level actions for persistence. The malware feeds Gemini an XML snapshot of the current screen, and the AI returns step-by-step tap instructions to keep the app in the recent apps list, while a built-in VNC module provides remote access. The malware also exploits Accessibility Services, uses overlays to hinder uninstallation, and can capture lockscreen data and screen video. Distribution appears tied to Argentina via a banking/phishing site; there is no Google Play presence. This example shows how AI can make Android threats more adaptive and harder to defeat.
- PromptSpy ushers in the era of Android threats using GenAI (WeLiveSecurity)
- PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence (The Hacker News)
- Android malware taps Gemini to navigate infected devices (theregister.com)
- PromptSpy is the first known Android malware to use generative AI at runtime (BleepingComputer)
- Cybersecurity experts spot first Android virus using AI. But it turns out it was a student proof-of-concept (dev.ua)