Android Malware Leverages Generative AI for Runtime Attacks: First Known Incident of PromptSpy

Researchers Discover Novel Android Malware Strain “PromptSpy” that Utilizes Generative AI

Researchers have identified a novel Android malware strain, dubbed PromptSpy, which leverages generative AI to enhance its persistence on compromised devices. This malware is the first known instance of Android malware integrating AI directly into its execution flow.

PromptSpy’s AI-Driven Approach

PromptSpy utilizes Google’s Gemini model to adapt its behavior across different devices. Specifically, it sends a chat prompt along with an XML dump of the current screen to Gemini, which responds with JSON-formatted instructions on how to pin the app in the Recent Apps list. The malware then executes these instructions through Android’s Accessibility Service, effectively locking the app in place.

Primary Function: Spyware

While the use of generative AI is a novel aspect of PromptSpy, its primary function is to act as spyware. The malware includes a built-in VNC module, granting threat actors full remote access to devices with Accessibility permissions.

This access enables the threat actors to:

• Upload a list of installed apps
• Intercept lockscreen PINs or passwords
• Record the pattern unlock screen as a video
• Capture screenshots on demand
• Record screen activity and user gestures
• Report the current foreground application and screen status

Removal Challenges

To hinder removal, PromptSpy overlays transparent, invisible rectangles over UI buttons, preventing users from uninstalling the app or revoking Accessibility permissions. Victims must reboot into Android Safe Mode to disable third-party apps and successfully remove the malware.

Conclusion

This development highlights the need for continued vigilance and innovation in the field of cybersecurity.

About Author

Vaibhav

See author's posts