{"data":{"id":"052dd14a-f8c9-422d-a346-10caad82b7ca","title":"PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence","summary":"PromptSpy is Android malware that uses Gemini (Google's AI chatbot) to automatically keep itself running on victims' devices: it has Gemini analyze the screen and send back instructions on how to stay in the recent apps list. The malware also uses accessibility services (special permissions that let apps control the device without user input) to steal data, prevent uninstallation, and give attackers remote access through a VNC module (virtual network computing, software for controlling devices remotely). It is being distributed through fake websites targeting users in Argentina.","solution":"N/A -- no mitigation discussed in source.","labels":["security","safety"],"sourceUrl":"https://thehackernews.com/2026/02/promptspy-android-malware-abuses-google.html","publishedAt":"2026-02-19T17:52:00.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["other"],"issueType":"news","affectedPackages":null,"affectedVendors":["Google"],"affectedVendorsRaw":["Google Gemini"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"advanced","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}