New forms of malicious software are emerging that use generative artificial intelligence to alter their behavior in real time. PromptSpy, a recently identified Android malware, is the first known instance of its kind to integrate Google Gemini, a generative AI model, directly into its operation. This marks a departure from traditional malware, which typically relies on fixed, pre-programmed instructions. The use of AI allows PromptSpy to adapt to the unique characteristics of individual Android devices and user interfaces, potentially increasing both its effectiveness and its ability to evade detection.
Genesis of an Adaptive Threat
The discovery of PromptSpy by researchers at ESET marks a significant moment in cybersecurity. Unlike older malware that might be designed for a specific device model or operating system version, PromptSpy demonstrates an ability to learn and adjust.
ESET's findings indicate that PromptSpy uses Google Gemini to interpret the on-screen elements of a compromised device. Based on this interpretation, the AI returns dynamic instructions that guide the malware in performing specific actions. One noted action is maintaining presence in the "recent apps" list, a technique that can help it evade detection.
This adaptive capability means that the malware does not need to be updated with new code to function on different devices. Instead, it uses AI to figure out how to operate on each target system.
Data Collection and Remote Control
PromptSpy's primary function appears to be espionage and remote control. Once installed on an Android device, it possesses several concerning capabilities:

Information Theft: It can access and steal sensitive data such as lock screen PINs and passwords.
Screen Monitoring: The malware is capable of capturing screenshots and recording screen activity as video.
App Data Gathering: It can upload a list of all installed applications and gather information about the apps currently in use.
Remote Access: A key feature is its Virtual Network Computing (VNC) module, which enables attackers to view the device's screen and execute commands remotely, effectively taking over the device.
The AI Advantage: Adaptability Over Rigidity
The core innovation of PromptSpy lies in its use of generative AI. Traditional malware is often brittle; its coded instructions work only under specific conditions. If a device's interface changes even slightly, the malware might fail.
PromptSpy circumvents this limitation by using Gemini. The AI model acts as an interpreter, allowing the malware to understand the current state of the device's screen. This interpretation enables PromptSpy to adjust its actions dynamically, making it more resilient to variations across Android devices. Researchers suggest this lets the malware blend into different environments without relying on a fixed, script-based approach.
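From a defender's point of view, the behaviour described above has a detectable shape: a process that can read the screen also needs live network access to a generative-AI API, and here additionally opens a remote-control channel. The following Python heuristic, an added example that is not ESET's or the article's code, correlates those signals over constructed telemetry; the event format, the use of the public Gemini API hostname as the malware's endpoint, and the specific Android capabilities involved are assumptions, since the reporting does not name them.

```python
"""Host-side triage: flag apps that combine screen access with traffic to a
generative-AI API (the PromptSpy pattern). Added example with assumed inputs."""
from collections import defaultdict

# Assumption: the malware talks to the public Gemini endpoint. The article
# only says it uses Gemini; it does not name the endpoint.
GENAI_HOSTS = {"generativelanguage.googleapis.com"}
# Real Android capability names that let an app read or record the screen.
# Which of these PromptSpy actually holds is an assumption.
SCREEN_CAPS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE",
    "android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION",
}
VNC_DEFAULT_PORT = ":5900"  # article reports a VNC module; port is assumed

# Constructed telemetry: (package, event kind, value). Package names are made up.
SAMPLE_EVENTS = [
    ("com.example.notes", "perm", "android.permission.INTERNET"),
    ("com.example.notes", "conn", "sync.example.com:443"),
    ("com.example.sysupdate", "perm", "android.permission.BIND_ACCESSIBILITY_SERVICE"),
    ("com.example.sysupdate", "perm", "android.permission.INTERNET"),
    ("com.example.sysupdate", "conn", "generativelanguage.googleapis.com:443"),
    ("com.example.sysupdate", "conn", "203.0.113.7:5900"),
    ("com.example.chatclient", "perm", "android.permission.INTERNET"),
    ("com.example.chatclient", "conn", "generativelanguage.googleapis.com:443"),
]


def triage(events):
    """Return {package: [reasons]} for apps holding a screen-reading capability
    AND contacting a generative-AI API. A remote-control port adds a reason but
    is not required: screen access alone (assistive apps) or AI traffic alone
    (chat clients) is normal behaviour and is not flagged."""
    perms, conns = defaultdict(set), defaultdict(set)
    for pkg, kind, value in events:
        (perms if kind == "perm" else conns)[pkg].add(value)
    flagged = {}
    for pkg in sorted(set(perms) | set(conns)):
        hosts = {c.rsplit(":", 1)[0] for c in conns[pkg]}
        has_screen = bool(perms[pkg] & SCREEN_CAPS)
        has_genai = bool(hosts & GENAI_HOSTS)
        if not (has_screen and has_genai):
            continue
        reasons = ["screen-reading capability", "traffic to generative-AI API"]
        if any(c.endswith(VNC_DEFAULT_PORT) for c in conns[pkg]):
            reasons.append("remote-control (VNC) port")
        flagged[pkg] = reasons
    return flagged
```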
Broader Trends: AI in Malware Development
PromptSpy is not an isolated incident but appears to be part of a growing trend of threat actors leveraging artificial intelligence.
PromptFlux Malware: Reports from November 2025 detail PromptFlux, malware that uses the Gemini API to rewrite its own source code hourly, primarily to improve obfuscation and evade antivirus software. The prompts sent to Gemini are specific, requesting code changes aimed at antivirus evasion.
State-Sponsored Actors: Google Threat Intelligence has also observed state-backed actors from countries like China, Iran, and North Korea actively misusing AI models, including Gemini, for tasks such as reconnaissance, creating phishing materials, and developing new tools.
"Promptware" Attacks: Researchers have demonstrated "promptware" attacks, where AI models like Gemini can be tricked through crafted inputs, such as malicious calendar event descriptions, to perform unintended actions, including controlling smart home devices.
Despite these advancements, current reports suggest that many of these AI-powered malware types do not yet pose a direct, large-scale threat. However, the capabilities observed point towards a future where AI is increasingly embedded in cyber operations, blurring the lines between AI-as-a-service and malware-as-a-service.
ESET's Guidance
In response to the discovery of PromptSpy, ESET researchers recommend that users reboot infected devices into Safe Mode as a measure to combat this type of sophisticated malware.
Sources
Indian Express. Discusses PromptSpy as the first Android malware using generative AI, highlighting its adaptive capabilities and data theft features. https://indianexpress.com/article/technology/tech-news-technology/promptspy-google-gemini-powered-malware-android-phones-10544069/
Android Authority. Reports on PromptSpy using Gemini AI for real-time adaptation across different Android devices, quoting ESET research. https://www.androidauthority.com/android-malware-promptspy-uses-generative-ai-gemini-3642832/
How-To Geek. Explains how PromptSpy uses generative AI to adapt to specific Android devices and details its capabilities for stealing PINs, recording screen activity, and more. https://www.howtogeek.com/new-android-malware-uses-gemini-ai-to-learn-how-to-run-on-specific-devices/
ESET. Official announcement from ESET researchers detailing PromptSpy as the first Android threat to use generative AI, outlining its features and VNC module. https://www.eset.com/us/about/newsroom/research/eset-research-discovers-promptspy-first-android-threat-using-genai/
NewsBreak (seen on AOL). Reports on PromptSpy exploiting Google Gemini for sensitive data theft, noting the platform's role in content hosting and moderation. https://www.newsbreak.com/news/4503366788394-promptspy-how-a-new-android-malware-exploits-google-s-gemini-ai-to-steal-sensitive-data-from-your-phone
The Hacker News, Nov 5, 2025. Covers PromptFlux malware, which uses Gemini AI to rewrite its code hourly for evasion, referencing a Google discovery. https://thehackernews.com/2025/11/promptflux-malware-that.html
Ars Technica, Aug 6, 2025. Details "promptware" attacks in which researchers used Google Calendar events to influence Gemini's behavior, including controlling smart home devices. https://arstechnica.com/google/2025/08/researchers-use-calendar-events-to-hack-gemini-control-smart-home-gadgets/
Security Online, Nov 6, 2025. Reports on Google exposing AI-enabled malware such as PromptFlux, which uses the Gemini LLM to rewrite its code, and notes state-backed actors misusing AI. https://securityonline.info/next-gen-threat-google-exposes-ai-enabled-malware-that-rewrites-its-own-code-with-gemini-llm/