PromptSpy is the first known Android malware to use generative AI at runtime
Bleeping Computer
by Lawrence Abrams, February 19, 2026
AI-Generated Deep Dive Summary
Researchers have uncovered the first Android malware to integrate generative AI into its operations, named PromptSpy. The malware queries Google's Gemini model at runtime and adapts its behavior to AI-generated instructions in order to stay resident on the device. Unlike earlier malware that used machine learning for narrow tasks such as ad fraud, PromptSpy marks a significant step: it calls a generative model directly during execution to maintain a long-term presence on infected devices.
The malware works by sending prompts and screen data to Gemini, which replies with step-by-step instructions in JSON format. These instructions guide the malware through actions such as pinning its app to the Recent Apps list via Android's Accessibility Service. Pinning prevents the app from being terminated by the usual means, so it persists despite user attempts to clear it from recents or uninstall it. Because the steps are generated on the fly, PromptSpy can adapt its tactics across different device models and manufacturers without the operator hand-scripting each variant.
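A triage heuristic for the pattern described above, added here as an example and not part of the article or of ESET's research: it flags installed packages that both hold an enabled Accessibility Service and contact the Gemini API host at runtime. The log line format, package names and allowlist are constructed assumptions; `enabled_accessibility_services` is a real Android secure setting and `generativelanguage.googleapis.com` is the public Gemini API host.

```python
"""Triage heuristic for the PromptSpy pattern: an app that (a) has an enabled
Accessibility Service and (b) talks to a generative-AI API at runtime.
All sample data is constructed for this example, not taken from the article."""
from typing import Dict, List, Set

# Public LLM API hosts to watch; the Gemini API host is the one relevant here.
AI_API_HOSTS: Set[str] = {"generativelanguage.googleapis.com"}

# Apps that legitimately combine accessibility and LLM traffic (assumption:
# the defender maintains this allowlist for their own fleet).
ALLOWLIST: Set[str] = {"com.example.screenreader"}


def parse_enabled_services(setting_value: str) -> Set[str]:
    """Parse Android's `enabled_accessibility_services` secure setting
    ("pkg/Service:pkg2/Service2") into the set of package names."""
    pkgs: Set[str] = set()
    for entry in setting_value.split(":"):
        entry = entry.strip()
        if entry:
            pkgs.add(entry.split("/", 1)[0])
    return pkgs


def flag_ai_driven_accessibility_apps(
    setting_value: str, net_log: List[str]
) -> Dict[str, List[str]]:
    """Return {package: [AI hosts contacted]} for packages that hold an
    enabled accessibility service and reach an LLM API host. Log lines are
    constructed as "pkg=<package> dst=<host>" (e.g. from a per-app proxy)."""
    accessible = parse_enabled_services(setting_value) - ALLOWLIST
    hits: Dict[str, List[str]] = {}
    for line in net_log:
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        pkg, host = fields.get("pkg"), fields.get("dst", "").lower()
        if pkg in accessible and host in AI_API_HOSTS:
            hits.setdefault(pkg, [])
            if host not in hits[pkg]:
                hits[pkg].append(host)
    return hits


if __name__ == "__main__":
    # Constructed sample: one allowlisted screen reader, one suspicious "cleaner".
    SETTING = "com.example.screenreader/.ReaderService:com.fake.cleaner/.A11yService"
    LOG = [
        "pkg=com.fake.cleaner dst=generativelanguage.googleapis.com",
        "pkg=com.example.screenreader dst=generativelanguage.googleapis.com",
        "pkg=com.fake.cleaner dst=cdn.example.net",
    ]
    print(flag_ai_driven_accessibility_apps(SETTING, LOG))
```

On a real device the setting value comes from `adb shell settings get secure enabled_accessibility_services`; the per-app network attribution must come from a proxy or VPN-based logger, which the example stands in for with constructed lines.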
In addition to its AI-powered persistence mechanism, PromptSpy functions as spyware, equipped with a VNC module for remote control and access to device data. It can capture screenshots, record screen activity, intercept lockscreen PINs, and monitor user gestures. The malware also employs anti-removal techniques by overlaying transparent buttons to block uninstallation or permission revocation, further complicating eradication.
The integration of generative AI into malware highlights a concerning evolution in cyber threats. By offloading complex, device-specific tasks to a model, threat actors can build more adaptable malicious software with less effort. While PromptSpy's use of Gemini is currently limited to persistence, its existence shows how future malware could draw on advanced AI tools for broader functionality and evasion.
Although ESET has yet to observe PromptSpy in its telemetry, its discovery raises critical questions about how ready current defenses are for AI-driven threats. As cybercriminals continue to adopt cutting-edge technologies, understanding and mitigating such risks becomes increasingly essential for developers and users alike.
Originally published on Bleeping Computer on 2/19/2026