Android Malware Taps Gemini to Navigate Infected Devices

PromptSpy uses Google’s Gemini AI to improve persistence and enable remote control on Android devices, targeting Argentina with phishing domains impersonating JPMorgan Chase, ESET found.

  • ESET discovered PromptSpy, an Android malware that uses Google's Gemini AI to interpret device UI and deploy a VNC module for remote control, enabling persistence.
  • By design, the malware leverages generative AI to adapt to different devices and UI layouts, expanding the pool of potential victims; ESET traced VNCSpy on VirusTotal from January 13th, 2026, with targeting focused on Argentina.
  • Technically, PromptSpy sends a natural-language prompt and an XML screen dump to Gemini, which returns JSON used to perform taps via the Accessibility Service and a VNC module, while the malware overlays transparent rectangles to block uninstallation, forcing removal through Safe Mode.
  • ESET cautioned that despite domains m-mgargcom and mgardownloadcom impersonating JPMorgan Chase, it has not seen PromptSpy in ESET telemetry, saying, "We haven't seen any signs of the PromptSpy dropper or its payload in our telemetry so far, which could mean they're only proofs of concept."
  • Looking ahead, the discovery positions PromptSpy as the first Android malware using generative AI, while Google Threat Intelligence and NYU student researchers highlight the generative AI threat trend.
Insights by Ground AI

16 Articles

Right

Researchers from the European IT security company ESET have discovered a new Android malware that Google uses to protect itself from closing and remain permanently active on the device. Cybercriminals have thus crossed a technological threshold, the company warned in a communication. The malware, called PromptSpy, disguises itself as a banking app, "MorganArgi" (a fake of the Chase/JPMorgan app), and is spread via fake websites. So far, the campaign…

·Vienna, Austria

PromptSpy appears to be the first Android malware to use generative AI in its execution chain: in this case, Gemini, to analyze the user interface and ensure its persistence.

Bias Distribution

  • 50% of the sources are Center
Help Net Security broke the news on Thursday, February 19, 2026.