What is PromptSpy malware?

PromptSpy is the first Android malware using generative AI (Google's Gemini) to analyze screens and get instructions for persistence, plus VNC remote access and data theft.

How does PromptSpy use AI?

It sends screen XML to Gemini with prompts, gets back JSON steps to lock itself in recent apps—adapting to any Android device or UI.

Can PromptSpy infect my phone?

Unlikely if you stick to Google Play and have Play Protect on; it's spread via shady websites, mainly targeting Argentina so far.

Explainers

[First] PromptSpy: Android Malware Hijacks Gemini AI

Imagine malware that's not just smart—it's *conversing* with AI to outsmart your phone's swipes. PromptSpy does exactly that, marking the dawn of generative AI in Android threats.

CVE Watch Apr 14, 2026 3 min read

PromptSpy Android malware using Gemini AI to manipulate screen UI for persistence

⚡ Key Takeaways

PromptSpy is the first Android malware using genAI (Gemini) for dynamic UI manipulation to achieve persistence. 𝕏
Deploys VNC for remote control, blocks uninstalls, steals data—financially motivated, targeting Argentina. 𝕏
Marks a shift: AI makes malware adaptive, evading traditional defenses; expect more soon. 𝕏

Written by

Maya Thompson

Threat intelligence reporter. Tracks CVEs, ransomware groups, and major breach investigations.

#Android malware #ESET research #Gemini AI abuse #Gemini abuse #PromptSpy #generative AI threats

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by WeLiveSecurity (ESET)

⚡ Key Takeaways

The 60-Second TL;DR

Maya Thompson

Share this article

Worth sharing?

Related Stories

[February 2026] AI Powers 600+ FortiGate Hacks & ATM Jackpots

What is CVSS Score?

What is a Supply Chain Attack?

What is an APT (Advanced Persistent Threat)?

Stay in the loop