PromptSpy is the first known family of Android malware to use a generative AI model, Google's Gemini, as a weapon in its active execution flow. Discovered in February 2026, it follows PromptLock, the first AI-powered ransomware, which ESET identified in August 2025, and marks a significant evolutionary step in mobile threats.
The origins of PromptSpy, which was discovered by ESET researcher Lukas Stefanko, can be traced back to an earlier internal variant known as VNCSpy. Three samples of the malware, uploaded from Hong Kong, appeared on VirusTotal on January 13, 2026. ESET designated the entire family PromptSpy after four additional, more sophisticated samples containing the Gemini AI component were uploaded from Argentina by February 10, 2026.
The malware is disseminated via the now-defunct distribution domain mgardownload[.]com as a Chase Bank-themed Android app named MorganArg, probably an acronym for "Morgan Argentina," which poses as a login portal for JPMorgan Chase Bank N.A.

Indicators of Compromise (IOCs)
Files

SHA-1                                     Filename                  Detection                 Description
6BBC9AB132BA066F63676E05DA13D108598BC29B  net.ustexas.myavlive.apk  Android/Spy.VNCSpy        VNCSpy malware for Android
375D7423E63C8F5F2CC814E8CFE697BA25168AFA  nlll4.un7o6.q38l          Android/Spy.VNCSpy.A      Android VNCSpy malware
3978AC5CD14E357320E127D6C87F10CB70A1DCC2  ppyzz.dpk0p.ln441.apk     Android/Spy.VNCSpy.A      Android VNCSpy malware
E60D12017D2DA579DF87368F5596A0244621AE86  mgappc-1.apk              Android/Spy.PromptSpy     PromptSpy dropper for Android
9B1723284E311794987997CB7E8814EB6014713F  mgappm-1.apk              Android/Spy.PromptSpy.A   Android PromptSpy dropper
076801BD9C6EB78FC0331A4C7A22C73199CC3824  mgappn-0.apk              Android/Spy.PromptSpy.A   PromptSpy dropper for Android
8364730E9BB2CF3A4B016DE1B34F38341C0EE2FA  mgappn-1.apk              Android/Spy.PromptSpy.A   Android PromptSpy dropper
F8F4C5BC498BCCE907DC975DD88BE8D594629909  app-release.apk           Android/Spy.PromptSpy.A   Android PromptSpy payload
C14E9B062ED28115EDE096788F62B47A6ED841AC  mgapp.apk                 Android/Phishing.Agent.M  Android phishing malware

Network

IP                Domain              Hosting Provider  First Seen  Details
52.222.205[.]45   m-mgarg[.]com       Amazon.com, Inc.  2026-01-12  Phishing website
54.67.2[.]84      N/A                 Amazon.com, Inc.  N/A         C&C server
104.21.91[.]170   mgardownload[.]com  Cloudflare, Inc.  2026-01-13  Distribution website
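The indicators above are only useful once they are wired into a check. The following Python script is an added example, not code from the article or from ESET: it refangs the defanged domains and IPs, matches SHA-1 hashes (for example from an MDM inventory export or computed from APK files on a device image) against the hashes listed in the IOC table, and flags proxy or firewall log lines that reference the listed hosts. The hash values, domains and IPs are copied from the tables above; the log lines and the MDM hash list are constructed for the demonstration.

```python
"""Match local artifacts against the PromptSpy / VNCSpy IOCs listed in the article.

Added example; the IOC values come from the article's tables, while the sample
log lines and hash list below are constructed for the demo.
"""
import hashlib
import re
from pathlib import Path

# SHA-1 hashes from the article's file table, lower-cased for comparison.
PROMPTSPY_SHA1 = {
    "6bbc9ab132ba066f63676e05da13d108598bc29b": "VNCSpy malware for Android",
    "375d7423e63c8f5f2cc814e8cfe697ba25168afa": "Android VNCSpy malware",
    "3978ac5cd14e357320e127d6c87f10cb70a1dcc2": "Android VNCSpy malware",
    "e60d12017d2da579df87368f5596a0244621ae86": "PromptSpy dropper for Android",
    "9b1723284e311794987997cb7e8814eb6014713f": "Android PromptSpy dropper",
    "076801bd9c6eb78fc0331a4c7a22c73199cc3824": "PromptSpy dropper for Android",
    "8364730e9bb2cf3a4b016de1b34f38341c0ee2fa": "Android PromptSpy dropper",
    "f8f4c5bc498bcce907dc975dd88be8d594629909": "Android PromptSpy payload",
    "c14e9b062ed28115ede096788f62b47a6ed841ac": "Android phishing malware",
}

# Network indicators as published (defanged) in the article's network table.
DEFANGED_NETWORK_IOCS = {
    "m-mgarg[.]com": "Phishing website",
    "52.222.205[.]45": "Phishing website",
    "54.67.2[.]84": "C&C server",
    "mgardownload[.]com": "Distribution website",
    "104.21.91[.]170": "Distribution website",
}


def refang(indicator: str) -> str:
    """Turn a defanged indicator ('example[.]com', 'example[. ]com') back into a matchable host."""
    return re.sub(r"\[\.\s*\]", ".", indicator).strip().lower()


# Refanged lookup table used for matching against live data.
NETWORK_IOCS = {refang(k): v for k, v in DEFANGED_NETWORK_IOCS.items()}


def sha1_of_bytes(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def sha1_of_file(path: Path) -> str:
    """Stream the file so large APKs do not have to be read into memory at once."""
    h = hashlib.sha1()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def match_hashes(hashes) -> list:
    """Return (sha1, description) for every input hash that is in the IOC table."""
    hits = []
    for value in hashes:
        key = value.strip().lower()
        if key in PROMPTSPY_SHA1:
            hits.append((key, PROMPTSPY_SHA1[key]))
    return hits


# Host-like tokens: letters, digits, dots, dashes and defanging brackets.
_TOKEN = re.compile(r"[A-Za-z0-9.\[\]\-]+")


def scan_log_lines(lines) -> list:
    """Return (line_index, indicator, description) for each line naming an IOC host or IP."""
    findings = []
    for idx, line in enumerate(lines):
        seen = set()
        for token in _TOKEN.findall(line):
            host = refang(token).rstrip(".")
            if host in NETWORK_IOCS and host not in seen:
                seen.add(host)
                findings.append((idx, host, NETWORK_IOCS[host]))
    return findings


# Constructed sample data (not real telemetry) for running the script stand-alone.
SAMPLE_LOG_LINES = [
    "2026-02-11T10:02:13Z proxy client=10.0.0.7 host=mgardownload.com path=/mgappn-1.apk status=200",
    "2026-02-11T10:03:44Z proxy client=10.0.0.7 host=example.com path=/ status=200",
    "2026-02-11T10:05:01Z fw src=10.0.0.7 dst=54.67.2.84 dport=443 action=allow",
]
SAMPLE_MDM_HASHES = [
    "F8F4C5BC498BCCE907DC975DD88BE8D594629909",  # listed PromptSpy payload
    "0000000000000000000000000000000000000000",  # placeholder, not an IOC
]

if __name__ == "__main__":
    for sha1, desc in match_hashes(SAMPLE_MDM_HASHES):
        print(f"HASH HIT  {sha1}  {desc}")
    for idx, host, desc in scan_log_lines(SAMPLE_LOG_LINES):
        print(f"NET HIT   line {idx}: {host}  ({desc})")
```

In practice the hash list would come from an MDM or EDR inventory export and the lines from a proxy or DNS log; the matching logic is the same. Note that the C&C server in the table has no domain and no first-seen date, so the IP is the only usable key for that entry.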