PromptSpy is the first known Android malware to use generative AI at runtime
Summary
Researchers discovered PromptSpy, the first known Android malware that uses generative AI (specifically Google's Gemini model) during its operation to help it persist on infected devices by adapting how it locks itself in the Recent Apps list across different Android manufacturers. Beyond this AI feature, PromptSpy functions as spyware with a VNC module (remote access tool) that allows attackers to view and control the device, intercept passwords, record screens, and capture installed apps. The malware also uses invisible UI overlays to block users from uninstalling it or disabling its permissions.
Solution / Mitigation
According to ESET, victims must reboot into Android Safe Mode, where third-party apps are disabled and so cannot block the malware's uninstallation.
Original source: https://www.bleepingcomputer.com/news/security/promptspy-is-the-first-known-android-malware-to-use-generative-ai-at-runtime/
First tracked: February 19, 2026 at 07:00 PM
Classified by LLM (prompt v3) · confidence: 92%