PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence
Summary
PromptSpy is Android malware that uses Gemini (Google's AI chatbot) to automatically keep itself running on victims' devices by analyzing the screen and sending instructions on how to stay in the recent apps list. The malware also uses accessibility services (special permissions that let apps control your device without user input) to steal data, prevent uninstallation, and give attackers remote access through a VNC module (virtual network computing, software for controlling devices remotely), and it's being distributed through fake websites targeting users in Argentina.
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://thehackernews.com/2026/02/promptspy-android-malware-abuses-google.html
First tracked: February 19, 2026 at 03:00 PM
Classified by LLM (prompt v3) · confidence: 92%