Android Malware Exploits Gemini AI for Runtime Persistence and Stealthy Operations


Researchers Discover Novel Android Malware Strain Leveraging Generative AI

Researchers have discovered a novel Android malware strain that leverages generative AI to maintain persistence on compromised devices. Dubbed PromptSpy, the malware employs a Virtual Network Computing (VNC) module to grant its operators remote access to the victim’s device, enabling them to view the screen and assume full control.

Capabilities and Features

In addition to its VNC capabilities, PromptSpy can collect device information, capture lock screen PINs or passwords, record screen activity to obtain unlock patterns, and take screenshots. To ensure persistence across reboots, the malware utilizes a unique approach that involves interacting with Google’s Gemini AI chatbot.

PromptSpy sends a prompt to Gemini, accompanied by an XML file containing data on the device’s UI elements, including their type, text, and position. Gemini responds with JSON instructions, directing PromptSpy to perform specific gestures on the screen, such as tapping or swiping, to add the malware to the list of recent apps.

By saving its previous prompts and Gemini’s responses, PromptSpy enables the AI chatbot to understand context and coordinate multistep interactions. This allows the malware to maintain persistence by locking itself in the recent apps list. Furthermore, PromptSpy abuses Accessibility Services to prevent uninstallation by overlaying invisible elements on the screen.
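The behaviours described above (an enabled accessibility service in a sideloaded app, an overlay permission used to block uninstallation, screen capture, and traffic to a generative-AI service) are individually common but rarely co-occur in one app. The following triage heuristic is an added example, not code from the original report or from any vendor tool: it scores constructed device-inventory records against that cluster. The record format, the sample package names and the assumption that the model is reached through the public Gemini API host are all constructed for illustration; the article does not say how PromptSpy contacts Gemini.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed constants. The Gemini API hostname is an assumption about how a
# malicious app might reach the model, not a detail the article provides.
GENAI_HOSTS = {"generativelanguage.googleapis.com"}
PLAY_STORE_INSTALLER = "com.android.vending"
OVERLAY_PERM = "android.permission.SYSTEM_ALERT_WINDOW"
MEDIA_PROJECTION_PERM = "android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION"


@dataclass
class AppRecord:
    """One installed app as an analyst might export it from a device inventory."""
    package: str
    installer: str                        # package that installed this app
    permissions: Set[str] = field(default_factory=set)
    accessibility_enabled: bool = False   # app has an enabled AccessibilityService
    contacted_hosts: Set[str] = field(default_factory=set)


def indicators(app: AppRecord) -> List[str]:
    """Return the PromptSpy-style behaviours this app matches."""
    hits: List[str] = []
    sideloaded = app.installer != PLAY_STORE_INSTALLER
    if app.accessibility_enabled and sideloaded:
        hits.append("sideloaded app with an enabled accessibility service")
    if OVERLAY_PERM in app.permissions and app.accessibility_enabled:
        hits.append("accessibility service plus overlay permission (uninstall blocking)")
    if MEDIA_PROJECTION_PERM in app.permissions and sideloaded:
        hits.append("screen capture capability in a sideloaded app")
    if app.contacted_hosts & GENAI_HOSTS and app.accessibility_enabled:
        hits.append("accessibility service that talks to a generative-AI endpoint")
    return hits


def triage(apps: List[AppRecord], threshold: int = 2) -> Dict[str, List[str]]:
    """Flag apps matching at least `threshold` indicators.

    A single indicator is normal for many legitimate apps (screen readers,
    password managers, chat clients), so the default requires two.
    """
    flagged: Dict[str, List[str]] = {}
    for app in apps:
        hits = indicators(app)
        if len(hits) >= threshold:
            flagged[app.package] = hits
    return flagged


# Constructed sample inventory: a Play-installed screen reader, a chat client
# that uses the Gemini API, and a sideloaded app matching the whole cluster.
SAMPLE_APPS = [
    AppRecord(
        package="com.example.screenreader",
        installer=PLAY_STORE_INSTALLER,
        permissions={"android.permission.INTERNET"},
        accessibility_enabled=True,
    ),
    AppRecord(
        package="com.example.chatclient",
        installer=PLAY_STORE_INSTALLER,
        permissions={"android.permission.INTERNET"},
        contacted_hosts={"generativelanguage.googleapis.com"},
    ),
    AppRecord(
        package="com.example.constructed.sample",
        installer="com.android.packageinstaller",
        permissions={
            "android.permission.INTERNET",
            OVERLAY_PERM,
            MEDIA_PROJECTION_PERM,
        },
        accessibility_enabled=True,
        contacted_hosts={"generativelanguage.googleapis.com", "203.0.113.10"},
    ),
]

if __name__ == "__main__":
    for package, reasons in triage(SAMPLE_APPS).items():
        print(package)
        for reason in reasons:
            print("  -", reason)
```

The threshold keeps the check quiet on devices where an accessibility tool or an AI-enabled chat client is installed on its own; only the combination the article describes is surfaced for manual review.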

Removal and Attribution

The only way to remove the malware is to reboot the device in Safe Mode, where third-party apps are disabled and can be uninstalled normally. Researchers have not observed PromptSpy infections in the wild, suggesting it may be a proof of concept. However, a domain believed to be associated with the malware’s distribution has been identified, targeting users in Argentina.

Analysis suggests that PromptSpy was developed by Chinese actors, although the attribution is made with medium confidence, and no link to a specific threat actor has been established. The emergence of PromptSpy highlights the evolving nature of malware tactics, techniques, and procedures (TTPs), as threat actors increasingly incorporate AI-powered components into their operations.


