PromptSpy Android Malware Abuses Gemini AI at Runtime for Persistence
Summary
PromptSpy is Android malware that uses Google's Gemini AI chatbot to maintain persistence on infected devices by sending UI information to Gemini, which then instructs the malware where to tap or swipe to add itself to recent apps. The malware also abuses Accessibility Services (a system feature that allows apps to interact with the device interface) to prevent users from uninstalling it by overlaying invisible blocks over removal buttons.
Solution / Mitigation
According to ESET researchers, victims can remove PromptSpy by rebooting the device into Safe Mode, where third-party apps are disabled and can be uninstalled normally.
Classification
Affected Vendors
Related Issues
Original source: https://www.securityweek.com/promptspy-android-malware-abuses-gemini-ai-at-runtime-for-persistence/
First tracked: February 20, 2026 at 03:00 AM
Classified by LLM (prompt v3) · confidence: 92%