thehackernews.com 2/19/2026, 7:00:52 PM

PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence

CyberSIXT Evidence Panel
Primary Source welivesecurity.com

Cybersecurity researchers have identified an Android malware, dubbed PromptSpy by ESET, as the first known to abuse Google's Gemini AI within its execution flow to achieve persistence.

The malware can capture lockscreen data, block uninstallation, collect device information, take screenshots, and record screen activity as video. According to ESET, Gemini processes a snapshot of the current screen and returns JSON instructions telling the malware how to interact with the UI elements, guiding it to pin itself in the recent apps list so it cannot easily be swiped away or killed.

The campaign appears financially motivated and targeted users in Argentina, with development strings pointing to a Chinese-speaking environment; PromptSpy is described as not being available on Google Play. It uses a dropper hosted on mgardownload[.]com that masquerades as JPMorgan Chase under the name MorganArg. The dropper prompts the user to grant permission to install apps from unknown sources and then deploys PromptSpy, which contacts a hard-coded C2 server at 54.67.2[.]84 for its configuration and for delivery of the Gemini API key.
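The dropper host and C2 address above are the concrete indicators a defender can act on. The following is an added example, not code from the article or from ESET, showing how to refang those two published indicators and scan proxy, DNS and firewall log lines for them; the log lines are constructed for the example, and line 4 deliberately contains a near-miss address (154.67.2.84) to show why the matcher needs boundaries rather than a plain substring search.

```python
import ipaddress
import re

# Indicators published for the PromptSpy campaign, kept in defanged form.
PROMPTSPY_IOCS = ["mgardownload[.]com", "54.67.2[.]84"]

# Constructed sample log lines (not real telemetry). Line 4 is a near-miss:
# 154.67.2.84 contains the C2 address as a substring but is a different host.
SAMPLE_LOGS = [
    "2026-02-19T10:00:01Z proxy src=10.0.0.12 dst=www.example.com GET /index.html 200",
    "2026-02-19T10:00:05Z dns query=mgardownload.com type=A from=10.0.0.12",
    "2026-02-19T10:00:09Z fw allow 10.0.0.12 -> 54.67.2.84:443 tcp",
    "2026-02-19T10:00:11Z fw allow 10.0.0.12 -> 154.67.2.84:443 tcp",
]


def refang(ioc: str) -> str:
    """Turn defanged notation ('[.]', 'hxxp') back into a matchable value."""
    return ioc.replace("[.]", ".").replace("hxxp", "http")


def _is_ip(value: str) -> bool:
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def _pattern(indicator: str) -> re.Pattern:
    """Build a bounded regex so partial numeric or label overlaps do not fire."""
    escaped = re.escape(indicator)
    if _is_ip(indicator):
        # No word character, dot or dash may touch the address on either side,
        # so neither 154.67.2.84 nor 54.67.2.840 counts as a hit.
        return re.compile(r"(?<![\w.-])" + escaped + r"(?![\w.-])")
    # Hostnames: a leading dot is allowed so subdomains of the host still match.
    return re.compile(r"(?<![\w-])" + escaped + r"(?![\w-])", re.IGNORECASE)


def match_ioc_lines(lines, iocs):
    """Return (1-based line number, refanged indicator) for every hit."""
    compiled = [(refang(i), _pattern(refang(i))) for i in iocs]
    hits = []
    for number, line in enumerate(lines, start=1):
        for indicator, pattern in compiled:
            if pattern.search(line):
                hits.append((number, indicator))
    return hits


if __name__ == "__main__":
    for number, indicator in match_ioc_lines(SAMPLE_LOGS, PROMPTSPY_IOCS):
        print(f"line {number}: matched {indicator}")
```

Running the block reports hits on lines 2 and 3 only; the near-miss on line 4 is rejected by the lookbehind. In production the indicator list would be loaded from a feed rather than hard-coded, but the boundary handling is the part that matters.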

The attackers also deploy a built-in VNC module for remote access and abuse Android accessibility services to prevent uninstallation; removing the malware is noted to require rebooting the device into Safe Mode.


Article by CyberSIXT