Android threats using GenAI usher in a new era
ESET researchers have discovered PromptSpy, the first known Android malware to abuse generative AI in its execution flow. The malware uses Google's Gemini AI to analyze screen content and return instructions for UI manipulation, which lets it operate across devices and layouts it was never scripted for. PromptSpy's main purpose is to deploy a VNC module for remote access to the victim's device. It also abuses the Accessibility Service to block uninstallation, captures lockscreen data, and records video. The campaign appears to target users in Argentina and was likely developed in a Chinese-speaking environment. PromptSpy demonstrates how incorporating AI tools can make malware more dynamic and capable of real-time decision-making, expanding the pool of viable victims.
AI Analysis
Technical Summary
PromptSpy is a novel Android malware discovered by ESET researchers that incorporates generative AI into its execution flow. It passes the device's screen content to Google's Gemini AI and asks for instructions on how to manipulate the user interface, so it can drive screens it has never seen before. This replaces the hard-coded, layout-specific automation of earlier Android malware with behavior that adapts to different devices and UI layouts. The primary goal of PromptSpy is to install a Virtual Network Computing (VNC) module, granting attackers remote access to the victim's device; that access can be used for spying, data theft, or further malicious activity. PromptSpy also abuses the Android Accessibility Service to block attempts to uninstall it, increasing persistence on the device, and it captures sensitive lockscreen data and records video, further compromising user privacy. The campaign is currently observed targeting users in Argentina, with linguistic and technical indicators suggesting development in a Chinese-speaking environment. No exploitation of software vulnerabilities has been reported: the malware depends on being installed and granted Accessibility permissions rather than on an exploit. Even so, using generative AI in the execution flow is a significant advance, enabling more dynamic, context-aware, and potentially evasive post-infection behavior. The published indicators consist of a file hash and the domains listed below, used for command and control or payload delivery. This threat exemplifies how AI can be weaponized to enhance malware adaptability and effectiveness, signaling a new era in the mobile threat landscape.
Potential Impact
The integration of generative AI into Android malware like PromptSpy raises the threat level by enabling real-time UI analysis and adaptive behavior, which makes defenses that assume a fixed, scripted sequence of UI actions less effective. Organizations and individuals using Android devices, especially in targeted regions, face unauthorized remote access, data theft, privacy invasion through video recording, and loss of control over the device. The abuse of Accessibility Services to block uninstallation complicates remediation and can prolong infections. The malware could be used for espionage or financial theft, or as a foothold for broader network compromise where infected devices connect to corporate environments. Because the AI-driven UI manipulation is not tied to one device model or layout, post-infection actions are more likely to succeed across diverse devices and Android versions, expanding the pool of viable victims. Although currently focused on Argentina, the technique can be reused in global campaigns, posing a future risk to Android users worldwide. The threat also highlights the evolving sophistication of mobile malware and the need for defenses that look at behavior (Accessibility abuse, screen capture, remote-control modules) rather than only at known samples.
Mitigation Recommendations
1. Enforce strict app installation policies: allow installs only from trusted sources such as the Google Play Store, keep Google Play Protect enabled, and on managed devices apply the DISALLOW_INSTALL_UNKNOWN_SOURCES user restriction so sideloaded APKs cannot be installed at all. Use app vetting solutions that flag Accessibility-driven UI automation and remote-control modules.
2. Restrict Accessibility Services to an approved list, as misuse is a common persistence and control tactic. On Android Enterprise devices the device policy controller can enforce the list (DevicePolicyManager.setPermittedAccessibilityServices); on a suspect device, `adb shell settings get secure enabled_accessibility_services` shows what is currently enabled, and any entry that is not a known accessibility tool warrants investigation.
3. Deploy mobile threat defense (MTD) solutions capable of behavioral analysis that can detect anomalous UI manipulation, screen capture, and remote access modules such as VNC.
4. Educate users about the risks of granting extensive permissions, especially Accessibility permissions, and encourage vigilance against suspicious apps or links.
5. Block the known PromptSpy domains (m-mgarg.com and mgardownload.com, including subdomains) at DNS, proxy, or firewall level, alert on any query for them from mobile subnets, and monitor for unusual outbound connections. The file hash alone is a weak detector, since a repackaged sample will not match it.
6. Regularly update the Android OS and security patches to reduce exploitation windows, even though this malware relies on AI-driven Accessibility abuse rather than on exploits.
7. Where the platform supports it, use MTD or endpoint detection and response (EDR) telemetry to identify and respond to suspicious activity such as video recording or lockscreen data capture.
8. Conduct threat hunting focused on Accessibility abuse and the indicators below to identify infections early.
9. For organizations, enforce mobile device management (MDM) policies that can remotely wipe or quarantine compromised devices. Because the malware blocks local uninstallation through the Accessibility Service, remote wipe, or booting the device into Safe Mode (which disables third-party apps) before uninstalling, may be the only practical remediation.
10. Collaborate with threat intelligence providers to stay updated on emerging AI-based malware trends and indicators.
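The two checks a practitioner would automate from the list above are the Accessibility Service audit (item 2) and the domain-indicator match (item 5). The script below is an added example, not code from ESET, AlienVault or the page; the approved-service allowlist, the `enabled_accessibility_services` value, the package name `com.sample.dropper` and the dnsmasq log lines are all constructed for the demonstration, and only the two domains come from this page.

```python
"""Triage helpers for two of the recommendations above: auditing which
Accessibility Services are enabled on a device (item 2) and matching DNS
query logs against the PromptSpy domain indicators (item 5).
Added example; not ESET, OTX or PromptSpy code. Sample inputs are constructed."""

import re

# Domain indicators from this page. Subdomains of each are matched too.
PROMPTSPY_DOMAINS = {"m-mgarg.com", "mgardownload.com"}

# Constructed allowlist of accessibility services an organisation approves.
# TalkBack's component name is real; a deployment would take this list from MDM policy.
APPROVED_ACCESSIBILITY = {
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService",
}

# Constructed value of the Secure setting `enabled_accessibility_services`, as
# `adb shell settings get secure enabled_accessibility_services` would print it.
# The second entry uses a made-up package name; it is not PromptSpy's.
SAMPLE_ENABLED_SERVICES = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService"
    ":com.sample.dropper/.MainAccessibilityService"
)

# Constructed dnsmasq query-log lines (format dnsmasq emits with log-queries on).
SAMPLE_DNS_LOG = """\
Feb 20 13:05:11 gw dnsmasq[812]: query[A] play.googleapis.com from 10.0.0.23
Feb 20 13:05:14 gw dnsmasq[812]: query[A] api.m-mgarg.com from 10.0.0.42
Feb 20 13:05:20 gw dnsmasq[812]: query[A] mgardownload.com from 10.0.0.42
Feb 20 13:05:22 gw dnsmasq[812]: query[A] notmgardownload.com from 10.0.0.9
"""

DNSMASQ_QUERY = re.compile(r"query\[\w+\] (?P<name>\S+) from (?P<client>\S+)")


def parse_enabled_accessibility_services(raw: str) -> list[str]:
    """Parse the colon-separated list of `package/service` component names
    stored in `enabled_accessibility_services`. Short-form class names
    (`pkg/.Service`) are expanded so they compare equal to the full form.
    An empty value or the literal `null` means nothing is enabled."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    services = []
    for entry in raw.split(":"):
        entry = entry.strip()
        if not entry:
            continue
        pkg, _, cls = entry.partition("/")
        if cls.startswith("."):
            cls = pkg + cls
        services.append(f"{pkg}/{cls}")
    return services


def unapproved_accessibility_services(raw: str, approved=APPROVED_ACCESSIBILITY) -> list[str]:
    """Return enabled services that are not on the allowlist; each one is a
    lead for the kind of Accessibility abuse described above."""
    return [s for s in parse_enabled_accessibility_services(raw) if s not in approved]


def domain_matches(hostname: str, blocklist=PROMPTSPY_DOMAINS) -> bool:
    """True if hostname is an indicator domain or a subdomain of one.
    The label-boundary check avoids false hits such as notmgardownload.com."""
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in blocklist)


def find_ioc_hits(log_text: str) -> list[tuple[str, str]]:
    """Scan dnsmasq query lines and return (client, queried_name) for every
    lookup of an indicator domain, so the querying device can be isolated."""
    hits = []
    for line in log_text.splitlines():
        m = DNSMASQ_QUERY.search(line)
        if m and domain_matches(m["name"]):
            hits.append((m["client"], m["name"]))
    return hits


if __name__ == "__main__":
    for svc in unapproved_accessibility_services(SAMPLE_ENABLED_SERVICES):
        print("unapproved accessibility service:", svc)
    for client, name in find_ioc_hits(SAMPLE_DNS_LOG):
        print(f"IOC hit: {client} queried {name}")
```

On the sample data the audit reports the constructed `com.sample.dropper` service as unapproved, and the log scan attributes both indicator lookups to 10.0.0.42 while ignoring `notmgardownload.com`, which shares a suffix but is not a subdomain. To run the audit against a real device, feed it the output of the `adb shell settings get secure` command quoted in item 2; to run the log scan, feed it your resolver's query log and adapt the regex if the resolver is not dnsmasq.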
Affected Countries
Argentina (observed targeting), China (likely development origin). The aggregator also lists United States, Brazil, Mexico and Spain; the description on this page supports only Argentina as a target.
Indicators of Compromise
- SHA-256: 4ee3b09dd9a787ebbb02a637f8af192a7e91d4b7af1515d8e5c21e1233f0f1c7
- domain: m-mgarg.com
- domain: mgardownload.com
Technical Details
- Author: AlienVault
- TLP: WHITE
- References: https://www.welivesecurity.com/en/eset-research/promptspy-ushers-in-era-android-threats-using-genai
- Adversary: none listed
- Pulse ID: 69976fb12f41d2de862d4683
- Threat Score: none listed
Threat ID: 69985e042c4d84f2604e723d
Added to database: 2/20/2026, 1:13:40 PM
Last enriched: 2/20/2026, 1:28:54 PM
Last updated: 2/20/2026, 11:59:38 PM