Researchers identified PromptSpy, a newly disclosed Android spyware and remote access trojan that uses Google Gemini during runtime to interpret on-screen elements and decide which gestures to perform on an infected device. The malware can steal lockscreen PINs and passwords, enumerate installed apps, capture screenshots, record video, and give operators live remote screen control over encrypted communications. Investigators said the AI-assisted navigation appears to be the first reported case of mobile malware directly invoking generative AI on a victim device while executing.
PromptSpy was discovered by ESET during an investigation into a separate AI-enabled ransomware case and was distributed through a fake Argentine banking-themed website using app names such as MorganArg and MorganArgs, impersonating a JPMorgan Chase Argentina branch app. Telemetry indicates limited real-world deployment, with one confirmed detection in Ukraine in February 2026, suggesting the malware may still be an early-stage proof of concept. The spyware abuses Android accessibility services to keep itself pinned in the recent apps list and to hinder removal by placing invisible overlays over the Stop and Uninstall buttons, while Google Threat Intelligence Group said its Gemini-driven interaction is broader than persistence alone and that components including API keys can be updated remotely through command-and-control.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
3 events from the most recent confirmed update back to the earliest known activity.
Google Threat Intelligence Group said PromptSpy's Gemini-assisted navigation was intended for broader screen interaction, not just persistence in the recent apps list. It also noted that components including Gemini API keys can be updated remotely through command-and-control.
ESET discovered the newly identified PromptSpy Android malware while investigating a separate AI-powered ransomware case. The malware was found being distributed through a fake Argentine banking-themed website using app names impersonating a JPMorgan Chase Argentina branch app.
ESET reported one confirmed detection of the PromptSpy Android spyware/RAT in Ukraine. The references describe telemetry as otherwise limited, suggesting the malware may still have been in an early-stage or proof-of-concept phase.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
3 references tracked. Mallory keeps watching after this page renders.
cybersecuritynews.com
Open sourcecryptika.com
Open sourcewelivesecurity.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.