Cybersecurity News and Headlines
PromptSpy Ushers in the Era of Android Threats Using GenAI

WeLiveSecurity, February 19, 2026

Companies Mentioned

Google (GOOG)

ESET

Why It Matters

By integrating generative AI, PromptSpy demonstrates a new level of adaptability that can bypass traditional signature‑based defenses, raising the risk for Android users and enterprise mobile security teams.

Key Takeaways

  • PromptSpy uses Gemini AI for UI persistence.
  • AI generates dynamic tap instructions from screen XML.
  • Built‑in VNC module gives remote control of device.
  • Targets Argentine users via fake Chase Bank app.
  • Removal requires safe mode due to invisible overlay protection.

Pulse Analysis

The emergence of AI‑driven Android malware marks a turning point in mobile threat evolution. While machine‑learning models have previously been used for ad‑fraud automation, PromptSpy is the first to embed a generative AI model—Google’s Gemini—directly into its execution flow. By transmitting a detailed XML dump of the current UI, the malware receives precise, context‑aware commands that adapt to any device skin, screen size, or OS version. This dynamic approach eliminates the brittle hard‑coded coordinates that traditional Android trojans rely on, making detection through static analysis considerably harder.

Beyond its AI‑assisted persistence, PromptSpy equips attackers with a full‑featured VNC server, encrypted with AES, enabling real‑time screen viewing and remote interaction. The malware also hijacks the Accessibility Service to overlay invisible buttons that intercept uninstall attempts, capture lock‑screen data, and record video of user activity. Distribution occurs via a spoofed Chase Bank website targeting Spanish‑speaking users in Argentina, illustrating how threat actors combine social engineering with advanced code to broaden their victim pool.

For security professionals, PromptSpy underscores the urgency of updating mobile threat models to account for generative AI capabilities. Traditional signature databases and heuristic UI‑navigation rules may miss AI‑generated actions, prompting a shift toward behavior‑based monitoring and AI‑aware sandboxing. Google Play Protect already blocks known samples, but the proof‑of‑concept nature of PromptSpy suggests more sophisticated variants could appear soon. Organizations should enforce strict app installation policies, monitor Accessibility Service usage, and educate users about suspicious banking‑style prompts to mitigate this emerging risk.
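One way to act on the advice to monitor Accessibility Service usage, given as an added example that is not from the original article or from ESET: the script below parses the value returned by `adb shell settings get secure enabled_accessibility_services` and lists every enabled service whose package is not on an allowlist. The allowlist contents and the sample value (including the `com.example.bankupdate` package) are assumptions constructed for illustration.

```python
"""Audit enabled Android accessibility services against an allowlist.

Input is the value printed by
  adb shell settings get secure enabled_accessibility_services
which is a colon-separated list of components (package/class), or "null".
"""

# Assumption: packages the organization permits to hold accessibility access.
ALLOWED_PACKAGES = {"com.google.android.marvin.talkback"}


def parse_services(raw):
    """Return (package, class) pairs from the raw settings value."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []  # no accessibility service is enabled
    services = []
    for item in raw.split(":"):
        package, sep, cls = item.strip().partition("/")
        if not sep or not package:
            continue  # not a package/class component; skip it
        if cls.startswith("."):
            cls = package + cls  # expand the short form ".Service"
        services.append((package, cls))
    return services


def unexpected_services(raw, allowed=ALLOWED_PACKAGES):
    """Return components whose package is not on the allowlist."""
    return [f"{p}/{c}" for p, c in parse_services(raw) if p not in allowed]


# Constructed sample value; the second package name is made up.
SAMPLE = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.bankupdate/.HelperService"
)

if __name__ == "__main__":
    for component in unexpected_services(SAMPLE):
        print("review:", component)
```

Run against each managed device, the output is a short list of services to review rather than a verdict; a package missing from the allowlist is not necessarily malicious.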
