Cybersecurity researchers at ESET have uncovered what they describe as the first Android malware to abuse Gemini as part of its execution chain to achieve persistence on compromised devices.
The malware, dubbed PromptSpy, leverages Gemini to dynamically analyze the device’s user interface and automate actions that help it remain active. By embedding a hard-coded AI model reference and prompt, the malware assigns Gemini the persona of an “Android automation assistant.”
At runtime, PromptSpy sends Gemini a natural language prompt along with an XML dump of the current screen. This XML file contains granular details about visible UI elements, including their text, type, and screen position. Gemini processes the information and responds with structured JSON instructions, directing the malware where to tap or swipe. Through repeated interactions, PromptSpy ensures it remains pinned in the recent apps list, making it harder for users to swipe away or terminate the malicious app.
According to ESET researcher Lukáš Štefanko, the use of generative AI enables the malware to adapt across devices, layouts, and Android OS versions. Since Android malware often depends on UI navigation, this approach significantly broadens the potential victim pool by eliminating the need for hard-coded screen coordinates.
PromptSpy abuses Android’s Accessibility Services to execute Gemini’s recommended gestures without user interaction. It also saves prior prompts and AI responses, enabling context-aware, multi-step coordination to complete persistence tasks.
Beyond persistence, the malware is designed for remote surveillance and control. It deploys a built-in VNC module that communicates with a hard-coded command-and-control (C2) server via the VNC protocol, granting attackers full remote access to the infected device.
By combining AI-driven UI automation with accessibility abuse and remote control functionality, PromptSpy represents a new evolution in Android malware—one that integrates generative AI directly into its operational workflow to enhance adaptability and persistence.