BBS: TELESC.NET.BR
Assunto: Malware uses AI to ensure infection
De: Mike Powell
Data: Tue, 24 Feb 2026 11:11:11 -0500
-----------------------------------------------------------
'The AI model and prompt are predefined in the code and cannot be changed':
Experts say PromptSpy is the first known Android malware to use Gemini to
ensure infection
By Efosa Udinmwen published 20 hours ago
Chinese-developed PromptSpy malware exploits Gemini AI to hack Android devices
PromptSpy malware uses Gemini to automate its persistence
The malware blocks removal through an AI-guided interface control
Gemini interprets screen data and returns actionable gestures
Security experts have revealed new findings on PromptSpy, an Android malware
whose code contains a predefined prompt and AI configuration that are hardcoded
and cannot be changed at runtime. The malware uses Google's Gemini to
interpret on-screen elements and provide step-by-step instructions for
interacting with the user interface.
By sending XML snapshots of the device screen to Gemini, PromptSpy receives
precise gestures, taps, and swipes needed to keep its app pinned in the recent
apps list.
Persistence through AI-guided interface interaction
New information from researchers at ESET outlines how this is the first known
instance of Android malware using generative AI in its execution flow.
PromptSpy's infection chain begins with a dropper application that mimics a
legitimate update in Spanish and encourages users to install the app. Once
installed, the payload requests Accessibility Service permissions, which enable
the malware to capture detailed UI information and perform automated
interactions.
Using this data, PromptSpy continuously communicates with Gemini, sending XML
snapshots of the screen and receiving step-by-step instructions to lock itself
in the recent apps list. Transparent overlays on uninstall or stop buttons
prevent normal removal and require users to enter Safe Mode to uninstall the
app.
The malware also contains a VNC module that allows operators to remotely
monitor devices and interact with the interface, so it can intercept lock
screen credentials, record user gestures, take screenshots, and capture video
of the device's activity.
Communication with the command-and-control server is encrypted using AES, which
allows the malware to securely receive Gemini API keys. A portion of the code
uses generative AI to interpret UI scenarios and provide step-by-step
instructions to maintain persistence.
The localization details of this malware indicate that PromptSpy was developed
in a Chinese-speaking environment - however its distribution appears to have
targeted Spanish-speaking users who live in South America, specifically
Argentina.
The malware is not available on Google Play, but Google Play Protect provides
protection against known versions.
PromptSpy requests Accessibility Service permissions, captures device UI
context, and performs actions in the background without user input. It locks
itself in the recent apps list using AI instructions from Gemini and overlays
transparent elements on uninstall buttons to block the malware removal.
The malware's network communication can interact with firewalls when
connecting to its hardcoded command-and-control server.
The dropper application uses a fake update screen in Spanish to prompt
installation of the payload.
Once launched, PromptSpy communicates with its hardcoded command-and-control
server to receive instructions, including Gemini API keys.
The malware captures XML snapshots of the device screen and sends them to
Gemini, which returns JSON-formatted instructions that the malware executes to
ensure persistence.
https://www.techradar.com/pro/the-ai-model-and-prompt-are-predefined-in-the-cod
e-and-cannot-be-changed-experts-say-promptspy-is-the-first-known-android-malwar
e-to-use-gemini-to-ensure-infection
$$
--- SBBSecho 3.28-Linux
* Origin: Capitol City Online (1:2320/105)
-----------------------------------------------------------
[Voltar]