PromptSpy Android Malware Leverages Google Gemini for Real-Time Adaptation
A new Android spyware, PromptSpy, is the first mobile malware to use Google's Gemini AI during runtime to dynamically adapt its behavior and evade detection.

A novel Android spyware, dubbed PromptSpy, has emerged as the first mobile malware to integrate generative AI capabilities directly into its runtime execution. Unlike traditional malware that relies on static, pre-programmed commands, PromptSpy queries Google's Gemini AI model in real-time to interpret screen data and determine its next actions. This dynamic approach allows the malware to adapt its behavior on the fly, making it significantly more resilient to analysis and removal.
At its core, PromptSpy functions as a sophisticated remote access trojan (RAT). It is capable of exfiltrating sensitive information such as lockscreen PINs and passwords, compiling lists of installed applications, capturing screenshots, and recording video without user awareness. Furthermore, it includes a live remote control module that grants attackers direct command over the infected device's screen. All communication between the malware and its command-and-control (C2) server is encrypted, aiding its ability to bypass basic network monitoring.
Researchers at ESET first identified PromptSpy while investigating a separate AI-powered ransomware campaign. Their analysis revealed that the malware was distributed via a website impersonating the Argentine branch of a major bank, complete with a spoofed app name to build user trust. Despite this deceptive distribution method, ESET's telemetry indicated limited real-world deployment, suggesting PromptSpy might still be in an early development phase rather than a widespread attack campaign. However, a single confirmed detection in Ukraine in February 2026 demonstrates that the threat has already begun to spread beyond its initial testing grounds.
What distinguishes PromptSpy is its innovative method for maintaining persistence on an infected device. A common challenge for mobile malware is preventing users from easily removing it by swiping it from the recent apps list. Automating this action is difficult due to the vast diversity of Android devices and operating system versions. PromptSpy circumvents this by sending Gemini a detailed description of the current screen, including all visible elements and their positions. It then uses Gemini's AI-generated instructions to perform the necessary gestures to lock itself into the recent apps view.
Beyond its AI-driven persistence tactics, PromptSpy employs further tricks to thwart uninstallation. It abuses accessibility permissions to place invisible overlays directly on top of the 'Stop' and 'Uninstall' buttons within the device's app settings menu. This means that any attempt by a user to tap these buttons will fail, as they are effectively clicking on an invisible layer instead of the intended UI element. Consequently, ESET advises that PromptSpy can typically only be removed by booting the device into safe mode, where accessibility services are disabled, allowing users to then uninstall the malicious application.
Further analysis by Google's Threat Intelligence Group indicated that PromptSpy's AI component was designed with broader screen navigation goals in mind. Attackers can also remotely update various components of the malware, including its Gemini API keys, through its C2 infrastructure. While PromptSpy's current use of AI is focused on specific UI automation tasks, ESET researchers emphasize that this development signals a potential future where malware can dynamically adapt to its environment and bypass defenses, moving away from reliance on brittle, hardcoded logic.
The distribution website, mgardownload[.]com, is now offline, and the app name used by PromptSpy was 'MorganArgs', impersonating a JPMorgan Chase Argentina mobile application. The malware's development environment appears to be Chinese-speaking, highlighting the global nature of emerging cyber threats. The combination of advanced AI integration and sophisticated evasion techniques makes PromptSpy a significant development in the mobile malware landscape.