Security researchers at Slovak IT company ESET have discovered a new Android malware that actively leverages Google Gemini during live operation, marking the first time an Android threat has used generative AI not as a peripheral feature, but as its central control mechanism.
The malware, dubbed PromptSpy, disguises itself as a banking app under the name “MorganArg,” a fake version of the Chase/JPMorgan application. It is distributed through tampered websites rather than through official app stores such as Google Play, so a victim has to sideload the APK. While the campaign has so far primarily targeted users in Argentina, nothing in the technique is specific to that region; it is applicable worldwide.
Gemini tells the malware what to do
The key distinction from previous Android malware lies in how it keeps itself running. Instead of relying on hardcoded interaction sequences, which break as soon as a dialog, button label or menu layout differs between Android versions or manufacturer UI skins, PromptSpy feeds the current screen content to Google’s AI model Gemini. The model analyzes the displayed interface and returns context-aware, step-by-step instructions, such as which button to press to prevent the app from being closed or uninstalled.
“The malware gets the AI to explain what it needs to do next,” says ESET researcher Lukáš Štefanko. “This means it works on virtually any device, regardless of manufacturer or Android version.” That makes the approach technically robust in a way traditional malware is not: where conventional threats fail when they encounter unfamiliar UI elements, PromptSpy improvises with Gemini’s help. The dependency cuts both ways, however: the control loop only works while the malware can reach the Gemini API, so that API access, and whatever credentials it uses, is a choke point for defenders as well as a strength for the attackers.
Full control over the device
Once installed, the app deploys a remote access module that grants attackers extensive control. They can monitor the screen in real time, intercept keystrokes, capture the device’s lock screen code, and independently execute actions such as initiating wire transfers, opening apps, or harvesting passwords. Uninstallation is actively hindered by invisible UI elements placed over the relevant buttons, so taps on “Uninstall” or “Force stop” never reach the system dialog. According to ESET, indicators within the malicious code suggest the developers operate in a Chinese-speaking environment.
Protection through official sources and regular updates
The most important safeguard remains limiting app installations to official sources. Users who stick exclusively to Google Play and avoid sideloading APK files from third-party sites significantly reduce their risk. Particular caution is warranted when an app asks to be enabled as an Android Accessibility Service: that access lets an app read what is on screen and perform taps and input on the user’s behalf, which is exactly why it is routinely abused by malware, and a banking app has no legitimate reason to request it.
Regular system updates close known attack vectors. Anyone suspecting a compromised device can reboot into safe mode, where third-party apps do not run, so a malicious app can be removed without its invisible UI elements blocking the uninstall button. Devices with Google Play Protect enabled are protected against the variants of PromptSpy that are already known; a new build that Play Protect has not yet seen will not be flagged.
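A triage check a responder could run against the two indicators this section names, a sideloaded install and an app enabled as an accessibility service, as an added example that is not part of the article or of ESET’s research. It assumes the responder has captured the output of `adb shell settings get secure enabled_accessibility_services` (a colon-separated list of service component names, or `null`) and of `adb shell dumpsys package <pkg>` (which contains an `installerPackageName=` line) and pasted it in; the package names and dumpsys fragments below are constructed for the example and are not PromptSpy indicators.

```python
"""Flag enabled accessibility services that belong to sideloaded apps.

Added example for this article, not ESET tooling. Input is text captured
from `adb shell`; all sample data below is constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Accessibility apps the device owner knows to be legitimate (assumption:
# adjust per device). Anything else that is enabled gets reported.
TRUSTED_ACCESSIBILITY: Set[str] = {"com.google.android.marvin.talkback"}

# Installer package names that count as an official store.
OFFICIAL_INSTALLERS: Set[str] = {"com.android.vending"}


def parse_enabled_services(value: str) -> Set[str]:
    """Return package names from `settings get secure enabled_accessibility_services`.

    The value is `null` when nothing is enabled, otherwise entries such as
    `com.foo/.BarService` or `com.foo/com.foo.BarService` joined by ':'.
    """
    value = value.strip()
    if not value or value == "null":
        return set()
    packages: Set[str] = set()
    for component in value.split(":"):
        component = component.strip()
        if component:
            packages.add(component.split("/", 1)[0])
    return packages


def parse_installer(dumpsys_text: str) -> Optional[str]:
    """Return installerPackageName from `dumpsys package <pkg>` output.

    Returns None when the line is missing or reads `null`, which is what a
    sideloaded APK typically shows.
    """
    for line in dumpsys_text.splitlines():
        line = line.strip()
        if line.startswith("installerPackageName="):
            value = line.split("=", 1)[1].strip()
            return None if value in ("", "null") else value
    return None


@dataclass
class Finding:
    package: str
    installer: Optional[str]
    reason: str


def triage(enabled_value: str, dumpsys_by_pkg: Dict[str, str]) -> List[Finding]:
    """Cross-reference enabled accessibility services with their installer."""
    findings: List[Finding] = []
    for pkg in sorted(parse_enabled_services(enabled_value)):
        if pkg in TRUSTED_ACCESSIBILITY:
            continue
        installer = parse_installer(dumpsys_by_pkg.get(pkg, ""))
        if installer in OFFICIAL_INSTALLERS:
            reason = "accessibility service from store-installed app; review manually"
        else:
            reason = "accessibility service from sideloaded app; remove in safe mode"
        findings.append(Finding(pkg, installer, reason))
    return findings


# Constructed sample: TalkBack (trusted), a store-installed helper app, and a
# sideloaded fake banking app with an enabled accessibility service.
SAMPLE_ENABLED = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.helper/.HelperService:"
    "com.example.fakebank/.AccessService"
)
SAMPLE_DUMPSYS = {
    "com.example.helper": (
        "Package [com.example.helper] (1a2b3c):\n"
        "    userId=10201\n"
        "    installerPackageName=com.android.vending\n"
    ),
    "com.example.fakebank": (
        "Package [com.example.fakebank] (4d5e6f):\n"
        "    userId=10234\n"
        "    installerPackageName=null\n"
    ),
}

if __name__ == "__main__":
    for f in triage(SAMPLE_ENABLED, SAMPLE_DUMPSYS):
        print(f"{f.package:28s} installer={f.installer!s:22s} {f.reason}")
```

Run it on the real captures by replacing `SAMPLE_ENABLED` and `SAMPLE_DUMPSYS`; the sideloaded entry is the one to remove first, and safe mode is where that removal succeeds because the app's overlay is not running.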
(lb/ESET)