Cyberattacks – AI-powered Android malware
For the first time, Android malware actively uses generative AI during operation.
Security researchers from ESET have discovered malware that uses Google's Gemini model to establish a foothold on infected devices – thus ushering in a new era of mobile cyberattacks.
What is PromptSpy?
Researchers at the European IT security company ESET have identified a new Android malware called PromptSpy, which masquerades as a banking app called “MorganArg”, a fake version of the JPMorgan Chase application.
It is distributed via manipulated websites, not through official app stores. So far, the campaign is mainly targeting users in Argentina, but the technology used is globally applicable across platforms.
What distinguishes PromptSpy from known Android malware is the use of Google's AI model Gemini directly during operation.
AI analyzes in real time
Instead of relying on rigid, pre-programmed commands, the malware transmits the current screen content to Gemini.
The AI analyzes the interface and specifies step by step which buttons must be pressed to prevent the app from closing.
“The malware uses AI to tell it what to do next,” explains Lukas Stefanko of ESET Research. “This allows it to work on virtually any device, regardless of manufacturer or Android version. This makes it particularly adaptable.”
This approach allows the malware to dynamically adapt to different device interfaces and Android versions – without the attackers having to write separate code for each device.
Device access after installation
After successful installation, PromptSpy installs a remote control module that gives attackers almost complete control over the smartphone. Specifically, criminals can:
– monitor the screen in real time,
– read keystrokes and passwords,
– intercept the device's lock code,
– read messages and open apps, and
– initiate bank transfers on their own.
Removing the app is made even more difficult because invisible elements actively block certain buttons.
“We are seeing a new level of Android malware here,” said Stefanko. “AI is not just being used as a buzzword, but is being specifically employed to bypass protection mechanisms.”
The second case of this kind
PromptSpy is not the first case where generative AI has been deeply integrated into malicious code.
Following the discovery of the AI-powered ransomware called PromptLock in August 2025, this finding marks the second known case in which cybercriminals are specifically using AI to overcome technical security barriers.
Evidence in the codebase suggests that the developers are working in a Chinese-speaking environment.
How Android users can protect themselves
Even if the threat is technologically novel, classic security measures still provide reliable protection.
◉ Only install apps from official sources. Those who exclusively use Google Play and do not download APK files from third-party websites close the primary infection route.
◉ Be careful with accessibility permissions. If an app requests access to accessibility features, be especially skeptical. These permissions allow extensive device access and are regularly abused by malware.
◉ Perform regular system updates. Current Android versions close known security vulnerabilities that malware exploits.
◉ Leave Google Play Protect enabled. Devices with Play Protect enabled are protected against known variants of PromptSpy.
◉ In case of suspected infection: use safe mode. Anyone who suspects an infection should restart their device in safe mode. In this state, third-party apps are inactive and can usually be uninstalled.
ESET publishes further technical details and screenshots for analysis on its official security blog at welivesecurity.com.
Sierks Media / © Photo: Daniel Romero, Unsplash
