
The First Android Malware That Thinks for Itself Just Used Google's AI to Do It
A banking trojan is asking Gemini how to survive on your phone. Gemini is answering.

On February 19, ESET researchers disclosed a malware family they named PromptSpy. It is, by their assessment, the first Android threat to use generative AI at runtime — not as a development tool, not to write phishing emails, but as an active component of its own execution.

The malware sends a screenshot of the infected phone's current state to Google's Gemini API. Gemini analyzes the screen and returns JSON-formatted instructions: what to tap, where to tap, in what sequence. The purpose is persistence — PromptSpy uses Gemini's responses to keep itself pinned in the recent apps list, preventing the user from swiping it away or the system from killing it. It is asking an AI how to stay alive. The AI is telling it.

How It Works

PromptSpy arrives disguised as a banking app called MorganArg — a knockoff of JPMorgan Chase's branding, targeting users in Argentina. Once installed, it deploys a VNC module that
Continue reading on Dev.to




