Google and Mandiant disclosed PROMPTSPY, an Android backdoor that uses AI-enabled functions to support credential theft, persistence, and operator resilience. The malware can capture biometric authentication input, display deceptive overlays to hinder removal, and relaunch remotely through Firebase Cloud Messaging. Investigators said operators can update command-and-control infrastructure, Gemini API keys, and VNC relay servers without redeploying the payload, allowing the malware to adapt after installation. Google said it disabled infrastructure tied to the activity, found no PROMPTSPY-infected apps on Google Play, and confirmed that Google Play Protect detects known samples.
The report also described a broader rise in adversarial use of large language models and agentic tooling across the intrusion lifecycle. Google linked a suspected PRC-nexus actor to the use of tools including Hexstrike, Graphiti, Strix, subfinder, and httpx while targeting a Japanese technology company and an East Asian cybersecurity platform. Separately, the company said information operation actors tied to Russia, Iran, China, and Saudi Arabia are using AI for content generation, localization, reconnaissance, phishing preparation, environmental fingerprinting, and more autonomous attack workflows, including suspected AI voice cloning in the pro-Russia Operation Overload campaign.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
3 events from the most recent confirmed update back to the earliest known activity.
The report noted that information operation actors linked to Russia, Iran, China, and Saudi Arabia are using AI for content generation and localization. It also cited suspected AI voice cloning in the pro-Russia Operation Overload campaign.
Mandiant reported that threat actors are using large language models and agentic tooling for reconnaissance, phishing preparation, environmental fingerprinting, vulnerability exploitation, and autonomous attack workflows. The report also highlighted a suspected PRC-nexus actor using tools including Hexstrike, Graphiti, Strix, subfinder, and httpx against a Japanese technology firm and an East Asian cybersecurity platform.
Google identified activity involving the PROMPTSPY Android backdoor, which used AI-enabled capabilities to capture biometric authentication inputs, maintain persistence, and resist removal. Google said it disabled assets associated with the activity, found no PROMPTSPY-infected apps on Google Play, and that Google Play Protect detects known versions.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
4 references tracked. Mallory keeps watching after this page renders.
cloud.google.com
Open sourceanrdoezrs.net
Open sourcecloud.google.com
Open sourcethecyberexpress.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.