ESET researchers have identified the PromptSpy Android malware, developed by Chinese creators, as the first to employ generative AI for operational persistence on infected devices. The malware integrates Google’s Gemini AI to navigate the device’s screen, which lets it secure a spot in the recent apps list and maintain its presence after reboots. PromptSpy also uses Accessibility Services to overlay invisible elements over uninstall buttons, complicating its removal. ESET has reported no active infections, but the firm has detected a domain that appears to be aimed at distributing this malware to users in Argentina.
PromptSpy Android malware exploits Gemini AI for persistence
