Google’s Gemini AI Exploited by First AI-Powered Android Malware, PromptSpy
Cybersecurity researchers have uncovered PromptSpy, a pioneering Android malware that manipulates Google’s Gemini AI to maintain persistence on infected devices. This advanced malware signifies a novel evolution in mobile threats, employing generative AI in real-time during execution.
Security firm ESET disclosed that PromptSpy transmits screenshots and XML data of the device’s user interface to Google’s Gemini chatbot. The chatbot then offers step-by-step instructions in JSON format on how to keep the malicious app pinned in the recent apps list. This strategy effectively prevents users from easily eliminating it by swiping it away or forcing it to close.
The malware’s primary objective is to deploy a VNC module that provides attackers with remote access to victims’ devices. Its capabilities include:
- Capturing lockscreen PINs and passwords
- Taking screenshots
- Recording screen activity
- Blocking uninstallation attempts using invisible overlays
ESET researcher Lukas Stefanko elucidated that the malware’s ability to interpret on-screen elements using generative AI allows it to adapt to virtually any device, screen size, or UI layout. This greatly increases the pool of potential victims.
Evidence, including a distribution website posing as JPMorgan Chase under the name “MorganArg,” suggests that the campaign is primarily targeting users in Argentina. However, ESET has not yet detected PromptSpy in its global telemetry, implying it may still be a proof of concept or in limited distribution.