Android Malware ‘PromptSpy’ Exploits Google Gemini to Evade Detection and Analysis


PromptSpy: A Newly Discovered Android Malware

A newly discovered Android malware strain, dubbed PromptSpy, has been found to leverage Google’s Gemini artificial intelligence system to evade detection and maintain control over infected devices. This marks a significant shift in the evolution of Android malware, as it integrates a generative AI model directly into its execution flow.

Main Functionality

PromptSpy’s primary objective is to deploy a virtual network computing (VNC) module, granting attackers remote access to a victim’s phone. The malware captures lock screen data, blocks uninstallation attempts, gathers device information, takes screenshots, and records screen activity as video. What sets PromptSpy apart is its use of Gemini to analyze the visual state of an Android device in real time and return step-by-step instructions on how to keep the malicious app pinned (locked) in the recent apps list, so that the user cannot simply swipe it away.

The malware hard-codes both the model name and the prompt it uses, assigning the AI agent the persona of an “Android automation assistant.” PromptSpy sends Gemini a natural-language request along with an XML dump of the current screen, which lists every visible user interface element together with its attributes and position. Gemini processes the data and returns structured JSON instructions that tell the malware which action to perform, such as tapping a specific element, and where on the screen to execute it.

Interaction with Gemini

The interaction between PromptSpy and Gemini can unfold over multiple steps, each consisting of a fresh screen dump and a new instruction, until the application is successfully locked into the device’s recent apps list. The malware uses Android’s accessibility services to read the screen and inject taps without direct user input, allowing it to perform screen-based actions dynamically. PromptSpy also communicates with a hard-coded command-and-control server, identified as “54.67.2[.]84,” using the VNC protocol.
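The screen-dump/JSON-instruction loop described in the two paragraphs above, reduced to its mechanics as an added example (this is not PromptSpy’s code and calls no AI service). The Gemini call is replaced by a deterministic stub, the accessibility service by a tiny state machine over three constructed uiautomator-style screen dumps, and the prompt text and JSON field names are assumptions; the article only gives the “Android automation assistant” persona and the fact that replies are structured JSON naming an element and an action.

```python
import json
import re
import xml.etree.ElementTree as ET

# Assumed wording and reply schema; the article gives only the persona name.
SYSTEM_PROMPT = (
    "You are an Android automation assistant. Given the XML dump of the current "
    'screen, reply with JSON only: {"action": "tap", "target": <resource-id or text>} '
    'or {"action": "done"} once the app is locked in the recent apps list.'
)

# uiautomator dumps encode element bounds as [x1,y1][x2,y2]
BOUNDS_RE = re.compile(r"\[(\d+),(\d+)\]\[(\d+),(\d+)\]")

# Constructed screen dumps (not captured from a device): recents overview,
# the popup menu for a task card, and the overview with the card locked.
RECENTS = """<hierarchy rotation="0">
  <node text="" resource-id="com.android.launcher3:id/overview_panel" bounds="[0,0][1080,1920]">
    <node text="" resource-id="com.android.launcher3:id/icon" content-desc="Victim Bank" bounds="[480,300][600,420]"/>
    <node text="" resource-id="com.android.launcher3:id/snapshot" bounds="[200,440][880,1600]"/>
  </node>
</hierarchy>"""
MENU = """<hierarchy rotation="0">
  <node text="App info" resource-id="com.android.launcher3:id/menu_option" bounds="[300,500][780,600]"/>
  <node text="Lock" resource-id="com.android.launcher3:id/menu_option" bounds="[300,600][780,700]"/>
  <node text="Split screen" resource-id="com.android.launcher3:id/menu_option" bounds="[300,700][780,800]"/>
</hierarchy>"""
LOCKED = """<hierarchy rotation="0">
  <node text="" resource-id="com.android.launcher3:id/icon" content-desc="Victim Bank, Locked" bounds="[480,300][600,420]"/>
</hierarchy>"""


def parse_screen(xml_text):
    """Flatten a dump into what the model (or an analyst) actually sees per
    element: text, resource-id, content-desc and the tap centre of its bounds."""
    elems = []
    for node in ET.fromstring(xml_text).iter("node"):
        m = BOUNDS_RE.match(node.get("bounds", ""))
        if not m:
            continue
        x1, y1, x2, y2 = map(int, m.groups())
        elems.append({
            "text": node.get("text", ""),
            "resource_id": node.get("resource-id", ""),
            "content_desc": node.get("content-desc", ""),
            "center": ((x1 + x2) // 2, (y1 + y2) // 2),
        })
    return elems


def fake_model(prompt, xml_text):
    """Stand-in for the Gemini request: looks at the screen and answers with the
    JSON the loop expects. Deterministic so the exchange replays offline."""
    elems = parse_screen(xml_text)
    if any("Locked" in e["content_desc"] for e in elems):
        return json.dumps({"action": "done"})
    if any(e["text"] == "Lock" for e in elems):
        return json.dumps({"action": "tap", "target": "Lock"})
    icons = [e for e in elems if e["resource_id"].endswith("/icon")]
    if icons:
        return json.dumps({"action": "tap", "target": icons[0]["resource_id"]})
    return json.dumps({"action": "fail", "reason": "nothing to do"})


class FakeDevice:
    """Stand-in for the accessibility service: a tap on a known element moves
    the 'device' to the next constructed screen."""
    def __init__(self, screens, transitions, start):
        self.screens, self.transitions, self.current = screens, transitions, start
        self.taps = []

    def dump(self):
        return self.screens[self.current]

    def tap(self, x, y, target):
        self.taps.append((x, y))
        self.current = self.transitions.get((self.current, target), self.current)


def resolve_target(elems, target):
    """Map the model's target (resource-id or visible text) to exactly one element;
    an ambiguous or missing target is a hard error rather than a random tap."""
    hits = [e for e in elems if target in (e["resource_id"], e["text"])]
    if len(hits) != 1:
        raise ValueError(f"target {target!r} matched {len(hits)} elements")
    return hits[0]


def run_agent_loop(device, model, max_steps=5):
    """Dump screen -> ask model -> execute its JSON action, until 'done'."""
    for _ in range(max_steps):
        xml_text = device.dump()
        reply = json.loads(model(SYSTEM_PROMPT, xml_text))
        if reply.get("action") == "done":
            return "pinned", device.taps
        if reply.get("action") != "tap":
            return "failed", device.taps
        elem = resolve_target(parse_screen(xml_text), reply["target"])
        device.tap(*elem["center"], reply["target"])
    return "timeout", device.taps


def demo():
    dev = FakeDevice(
        {"recents": RECENTS, "menu": MENU, "locked": LOCKED},
        {("recents", "com.android.launcher3:id/icon"): "menu", ("menu", "Lock"): "locked"},
        "recents",
    )
    return run_agent_loop(dev, fake_model)


if __name__ == "__main__":
    print(demo())  # ('pinned', [(540, 360), (540, 650)])
```

The point of the simulation is the data flow, not the stub’s decisions: the only device-specific knowledge the loop needs is the XML dump, and the only thing it executes is the JSON it gets back, which is why the technique survives different launchers and screen layouts. For an analyst, the same two artifacts are where to look: the outbound request carrying a screen hierarchy to a generative AI endpoint, and the accessibility-driven taps that follow it.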

Discovery and Distribution

Researchers at ESET, who discovered the malware, believe that PromptSpy is distributed through a dedicated website and has never been available on the Google Play store. The malware is delivered through a dropper application, which opens a web page masquerading as JPMorgan Chase. The page instructs victims to grant permission to install applications from unknown sources, while the Trojan contacts its server to request a configuration file.

Analysis and Conclusion

Analysis suggests that the campaign is financially motivated and targets users in Argentina. Evidence also indicates that the malware was developed in a Chinese-speaking environment, citing the presence of debug strings written in simplified Chinese. PromptSpy appears to be an advanced iteration of a previously undocumented Android malware strain called VNCSpy.

The integration of Gemini into PromptSpy’s core operations marks a shift in technique, moving from rigid, scripted automation toward a loop that interprets and responds to a device’s visual state in real time. Because the malware only needs a screen dump and a JSON reply, it can adapt to virtually any device, screen size, or user interface layout it encounters without the attacker scripting each variant in advance.

