Cybersecurity researchers claim to have found the first Android malware that achieves persistence by abusing Google's generative artificial intelligence (AI) chatbot, Gemini, as part of its execution flow. ESET has given the malware the codename PromptSpy.
The malware has the ability to take screenshots, record screen activity as video, collect device information, block uninstallation attempts, and capture lockscreen data. In a report released today, ESET researcher Lukáš Štefanko stated, "Gemini is used to analyze the current screen and provide PromptSpy with step-by-step instructions on how to ensure the malicious app remains pinned in the recent apps list, thus preventing it from being easily swiped away or killed by the system."
"Using generative AI allows the threat actors to adapt to almost any device, layout, or OS version, which can greatly expand the pool of potential victims, as Android malware frequently relies on UI navigation." This entails giving the AI agent the identity of an "Android automation assistant" by hard-coding the AI model and a prompt into the malware. The malware sends Gemini a natural-language prompt together with an XML dump of the current screen that describes each UI element in detail, including its text, type, and precise location on the screen.
The only way a victim can get rid of PromptSpy is to restart the device into Safe Mode, where third-party apps are disabled and can be removed. This is because PromptSpy prevents itself from being uninstalled by superimposing invisible elements on the screen. "PromptSpy shows that Android malware is beginning to evolve in a sinister way," according to ESET.
"The malware can adapt to almost any device, screen size, or UI layout it encounters by using generative AI to interpret on-screen elements and determine how to interact with them." "It helps AI achieve a persistence technique resistant to UI changes by simply giving it a snapshot of the screen and receiving precise, step-by-step interaction instructions in return, rather than hardcoding taps."
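The combination described above (reading the on-screen UI tree, sending it to a remote generative-AI API, blocking uninstallation with an invisible overlay, and capturing the screen) is a pattern a mobile-fleet defender can triage for. The following is an added example, not code from ESET or from the article: a small Python heuristic that scores constructed per-app telemetry records against those indicators. The permission names, the Gemini API host, and the assumption that the screen dump comes from an accessibility service are all assumptions of this example; the article does not name them.

```python
"""Triage heuristic for AI-assisted UI-automation malware (added example).

Scores app telemetry records for the PromptSpy-style pattern described in the
article: UI-tree reading + remote generative-AI API + uninstall-blocking overlay
+ screen capture. All indicator values below are assumptions, not from the page.
"""
from dataclasses import dataclass, field

# Gemini developer API host (assumption: the article does not name the endpoint).
GENAI_HOSTS = {"generativelanguage.googleapis.com"}
# Assumed mechanisms: accessibility service for the UI dump, overlay permission
# for the invisible uninstall-blocking elements, media projection for recording.
ACCESSIBILITY_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"
OVERLAY_PERM = "android.permission.SYSTEM_ALERT_WINDOW"
SCREEN_CAPTURE_PERM = "android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION"


@dataclass
class AppRecord:
    """One installed app as seen by an MDM/EDR agent (constructed schema)."""
    package: str
    permissions: set = field(default_factory=set)
    network_hosts: set = field(default_factory=set)
    uses_media_projection: bool = False


def indicators(app: AppRecord) -> list:
    """Return the list of matched indicator names for one app."""
    found = []
    if ACCESSIBILITY_PERM in app.permissions:
        found.append("accessibility")
    if OVERLAY_PERM in app.permissions:
        found.append("overlay")
    if app.uses_media_projection or SCREEN_CAPTURE_PERM in app.permissions:
        found.append("screen_capture")
    if app.network_hosts & GENAI_HOSTS:
        found.append("genai_api")
    return found


def risk_score(found: list) -> int:
    """Weight indicator combinations; UI-reading plus a remote model is the
    distinctive part of the pattern, so it carries most of the score."""
    score = 0
    if "accessibility" in found and "genai_api" in found:
        score += 60
    elif "genai_api" in found:
        # An ordinary chat client talks to the API too; alone it is weak evidence.
        score += 15
    if "overlay" in found and "accessibility" in found:
        # Overlay + accessibility together is how uninstall dialogs get hidden.
        score += 25
    if "screen_capture" in found:
        score += 15
    return score


def triage(apps: list, threshold: int = 70) -> list:
    """Return (package, score, indicators) for apps at or above the threshold."""
    results = []
    for app in apps:
        found = indicators(app)
        score = risk_score(found)
        if score >= threshold:
            results.append((app.package, score, found))
    return results


# Constructed sample fleet: one PromptSpy-like app, one benign screen reader,
# one benign chat client that only talks to the AI API.
SAMPLE_APPS = [
    AppRecord(
        package="com.example.promptspy_like",
        permissions={ACCESSIBILITY_PERM, OVERLAY_PERM, SCREEN_CAPTURE_PERM},
        network_hosts={"generativelanguage.googleapis.com", "cdn.example.net"},
        uses_media_projection=True,
    ),
    AppRecord(
        package="com.example.screenreader",
        permissions={ACCESSIBILITY_PERM},
        network_hosts={"updates.example.org"},
    ),
    AppRecord(
        package="com.example.chatclient",
        network_hosts={"generativelanguage.googleapis.com"},
    ),
]

if __name__ == "__main__":
    for package, score, found in triage(SAMPLE_APPS):
        print(f"{package}: score={score} indicators={found}")
```

The scoring is deliberately combination-based: an accessibility permission alone (screen readers) or AI-API traffic alone (chat apps) stays well below the threshold, while the article's pattern of all four together lands a clear hit for an analyst to follow up, for example by checking whether the app can be swiped out of recents and whether it can be uninstalled outside Safe Mode.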