- Security researchers have discovered PromptSpy, an advanced Android malware that abuses Google’s Gemini AI for persistence and device control.
- The malware is designed to capture lockscreen data, block uninstallation, gather information, take screenshots, and enable remote VNC access, primarily targeting users in Argentina.
- PromptSpy signifies a new evolution in mobile threats, using generative AI to adapt to any device UI, making conventional removal techniques ineffective.
According to a recent report, cybersecurity researchers at ESET have discovered PromptSpy, the first known Android malware that actively exploits Google’s Gemini AI chatbot to maintain control over infected devices. The malware, distributed outside of Google Play via a dedicated website, uses Gemini to analyze the device’s screen and receive step-by-step instructions for locking the app in the recent apps list, which prevents it from being killed.
The primary function of PromptSpy is to deploy a VNC module that grants attackers remote access to the victim’s device. It also uses accessibility services to overlay invisible elements on the screen, blocking standard uninstallation attempts and capturing sensitive lockscreen data.
The campaign is financially motivated and, based on language clues, primarily targets users in Argentina. Evidence in the code, including debug strings in Simplified Chinese, suggests PromptSpy was developed in a Chinese-speaking environment, as noted by researcher Lukáš Štefanko.
This use of AI makes the malware highly adaptive to different device layouts and Android versions. The only effective removal method is for victims to reboot the device into Safe Mode to uninstall third-party apps.
