Android malware taps Gemini to navigate infected devices
The Register
February 19, 2026
AI-Generated Deep Dive Summary
ESET researchers have identified a new Android malware strain called PromptSpy that incorporates generative AI to enhance its functionality. Unlike traditional malware, this threat uses Google's Gemini chatbot to interpret device interfaces and execute tasks, making it more adaptable across different devices and OS versions. The malware primarily aims to gain remote control of infected devices by deploying a VNC module, enabling hackers to steal sensitive data like PINs, passwords, and screen recordings.
PromptSpy works by submitting natural language prompts to Gemini, which analyzes the device's UI and returns JSON instructions for actions like keeping the malicious app pinned in recent apps. This AI-driven approach bypasses common issues with hardcoded UI navigation, allowing the malware to operate
Verticals
tech
Originally published on The Register on 2/19/2026