Skip to main content
Login
institutional access

You are connecting from
Lake Geneva Public Library,
please login or register to take advantage of your institution's Ground News Plan.

Published loading...Updated

Android Malware Taps Gemini to Navigate Infected Devices

PromptSpy uses Google’s Gemini AI to improve persistence and enable remote control on Android devices, targeting Argentina with phishing domains impersonating JPMorgan Chase, ESET found.

  • ESET discovered PromptSpy, an Android malware that uses Google's Gemini AI to interpret device UI and deploy a VNC module for remote control, enabling persistence.
  • By design, the malware leverages generative AI to adapt to different devices and UI layouts, expanding victims; ESET traced VNCSpy on VirusTotal from January 13th, 2026, with targeting focused on Argentina.
  • Technically, PromptSpy operates by sending a natural-language prompt and XML screen dump to Gemini, which returns JSON to perform taps via Accessibility Service and a VNC module, while overlaying transparent rectangles to block uninstall, forcing Safe Mode removal.
  • ESET cautioned that despite domains m-mgargcom and mgardownloadcom impersonating JPMorgan Chase, it has not seen PromptSpy in ESET telemetry, saying, `We haven't seen any signs of the PromptSpy dropper or its payload in our telemetry so far, which could mean they're only proofs of concept.`
  • Looking ahead, the discovery positions PromptSpy as the first Android malware using generative AI, while Google Threat Intelligence and NYU student researchers highlight the generative AI threat trend.
Insights by Ground AI

16 Articles

Kronen ZeitungKronen Zeitung
Right

Android Malware Protects Itself with Google's Gemini

Researchers from the European IT security company ESET have discovered a new Android malware that Google uses to protect itself from closing and remain permanently active on the device. Cybercriminals have thus crossed a technological threshold, the company warned in a communication. The malware called PromptSpy disguises itself as a banking app "MorganArgi (a fake of the Chase/JPMorgan app) and is spread over fake websites. So far, the campaign…

·Vienna, Austria
Read Full Article
BleepingComputerBleepingComputer
Center

PromptSpy is the first Android malware to use generative AI at runtime

Researchers have discovered the first known Android malware to use generative AI in its execution flow, using Google's Gemini model to adapt its persistence across different devices.

Read Full Article
PC MagPC Mag
Lean Left

This Android Malware Connects to Google Gemini for Tips on Hacking Targets

'PromptSpy' appears to be the first Android malware that uses generative AI in its execution flow, according to antivirus provider ESET.

·United States
Read Full Article
The RegisterThe Register
Center

Android malware taps Gemini to navigate infected devices

: The real deal or another research project overblown?

Read Full Article
uniradiosonora.comuniradiosonora.com

Eset Discovers the First Threat to Android that Uses Generational Ai - Uniradio Informa Sonora

Read Full Article
Génération-NTGénération-NT

How Does Promptspy Malware Turn Google's Ai Into a Formidable Weapon?

PromptSpy seems to be the first Android malware to exploit the generative AI in its running chain. In this case, Gemini in an approach of analysis of the user interface and to ensure its persistence.

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 50% of the sources are Center
50% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

Help Net Security broke the news in on Thursday, February 19, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

Cyberattacks icon

Cyberattacks

Google icon

Google

Apps icon

Apps

Gemini (Google) icon

Gemini (Google)

Android icon

Android

Artificial Intelligence icon

Artificial Intelligence

Cybersecurity icon

Cybersecurity

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal