PromptSpy is the first known Android malware to use generative AI at runtime

February 19, 2026 05:36 PM

Researchers have discovered the first known Android malware to use generative AI in its execution flow: it queries Google's Gemini model at runtime to adapt its persistence technique to the device it is running on.

In a report published today, ESET researcher Lukas Stefanko explains how a new Android malware family named "PromptSpy" abuses the Google Gemini AI model to help it achieve persistence on infected devices.

"In February 2026, we uncovered two versions of a previously unknown Android malware family," explains ESET.

"The first version, which we named VNCSpy, appeared on VirusTotal on January 13th, 2026 and was represented by three samples uploaded from Hong Kong. On February 10th, 2026, four samples of more advanced malware based on VNCSpy were uploaded to VirusTotal from Argentina."

First known Android malware to use generative AI

Machine learning models have previously been used by Android malware to analyze screenshots for ad fraud, but ESET says PromptSpy is the first known case of Android malware integrating generative AI directly into its execution flow: the model is consulted while the malware runs, rather than only used offline to build it.

On some Android devices, users can "lock" or "pin" an app in the Recent Apps list by long-pressing it and selecting a lock option.
Article Summaries:
- ESET researchers have identified PromptSpy, the first known Android malware to call a generative AI model (Google Gemini) at runtime. The malware, whose samples were uploaded to VirusTotal on February 10, 2026, sends Gemini dumps of the on-screen UI and receives back JSON instructions for locking the app in the Recent Apps list, a persistence step whose exact menu path varies by device manufacturer and would otherwise have to be hard-coded per vendor. PromptSpy also includes a VNC module for remote control, enabling spyware functions such as app enumeration, PIN capture, screen recording, and screenshot capture. To resist removal, the malware draws invisible UI overlays that intercept taps on uninstall and permission-revocation controls. The novelty is not the spyware feature set but the use of an LLM to automate device-specific UI actions at runtime.
Sources: