Joe Maring / Android Authority
TL;DR
- Researchers have identified the first known Android malware to use generative AI during execution.
- The malware queries Google’s Gemini model to adapt its behavior across different Android devices.
- It may be a proof-of-concept version, but it signals a shift toward more dynamic AI-assisted attacks.
It’s been a worrying week on the Android malware front. On Tuesday, we learned of tablets shipping with hidden malware already embedded in their firmware. Now, researchers say they’ve spotted something arguably more futuristic: Android malware that uses Google’s own Gemini AI model during execution.
According to a report highlighted by BleepingComputer, ESET researchers have uncovered a new Android malware family dubbed PromptSpy. Unlike traditional malware that relies entirely on hardcoded instructions, this strain queries Google’s Gemini generative AI model at runtime to help it carry out part of its behavior. In this case, the malware sends Gemini information about what’s currently visible on the infected device’s screen and asks for guidance on what to do next. That allows it to adapt to differences between Android devices and interfaces, rather than relying on a rigid script that might only work on certain models.
Don’t want to miss the best from Android Authority?
ESET says this is the first known example of Android malware integrating generative AI directly into its execution flow. While the AI component is used for only one feature in this example, it shows how attackers can leverage publicly available AI tools to make malware more flexible and harder to design against.
Beyond the disturbing AI development, PromptSpy functions as spyware. It reportedly includes a built-in remote access module and can collect information such as installed apps and lockscreen credentials once it gains the necessary permissions. It also attempts to make removal more difficult by interfering with efforts to disable it.
So far, ESET says it hasn’t observed PromptSpy or its dropper in its telemetry, making it unclear whether the malware is actively spreading or remains closer to a proof-of-concept. However, researchers noted that the samples were distributed via a dedicated domain and impersonated a major bank, suggesting they may not be purely experimental.
Even if its reach and scope are limited for now, the broader takeaway is hard to ignore. Generative AI isn’t just being used to create malicious content — it’s starting to shape how malware behaves in real time. Attackers using Google’s own AI tools against Android in this instance only adds to the concern, and we have reached out to Google for comment on the matter. We will update this article with any response we receive.
Thank you for being part of our community. Read our Comment Policy before posting.
By
