
PromptSpy is the first known Android malware to use generative AI at runtime


PromptSpy is the first known Android malware to query a generative AI model (Google Gemini) at runtime, using it to adapt its persistence routine to the UI of whatever device it lands on.

It sends Gemini an XML dump of the current screen hierarchy, receives JSON "what to tap" instructions for pinning or locking itself in Recent Apps, and executes them through the Accessibility service, repeating the dump-and-tap cycle until the pinned state is confirmed.
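The dump-plan-tap loop described above, reduced to a local simulation. This is an added example, not PromptSpy's code or ESET's analysis: the planner is a keyword heuristic standing in for the remote model, the screen dumps are constructed in uiautomator/Accessibility style rather than captured from a device, and the element labels, screen transitions and the JSON field names (`action`, `x`, `y`, `target`) are assumptions made for the demo.

```python
"""Simulate the adapt-to-the-UI loop: dump the screen hierarchy, ask a planner
for a JSON tap instruction, execute it, repeat until the target state shows."""
import json
import re
import xml.etree.ElementTree as ET

BOUNDS_RE = re.compile(r"\[(\d+),(\d+)\]\[(\d+),(\d+)\]")

# Constructed screen dumps (not captured samples); labels/layout are assumptions.
SCREENS = {
    "recents": """<hierarchy rotation="0">
  <node class="android.widget.TextView" text="Recents" bounds="[0,0][1080,120]" clickable="false"/>
  <node class="android.widget.ImageView" text="" content-desc="Sample app icon" bounds="[100,300][180,380]" clickable="true"/>
  <node class="android.widget.Button" text="Clear all" bounds="[400,1900][680,1980]" clickable="true"/>
</hierarchy>""",
    "menu": """<hierarchy rotation="0">
  <node class="android.widget.TextView" text="App info" bounds="[100,400][500,480]" clickable="true"/>
  <node class="android.widget.TextView" text="Pin" bounds="[100,500][500,580]" clickable="true"/>
</hierarchy>""",
    "pinned": """<hierarchy rotation="0">
  <node class="android.widget.TextView" text="App pinned" bounds="[200,900][880,1000]" clickable="false"/>
  <node class="android.widget.Button" text="Got it" bounds="[400,1100][680,1180]" clickable="true"/>
</hierarchy>""",
}
# Which clickable element moves the fake device to which screen (assumed).
TRANSITIONS = {("recents", "Sample app icon"): "menu", ("menu", "Pin"): "pinned"}


def parse_bounds(bounds):
    """'[x1,y1][x2,y2]' -> (x1, y1, x2, y2)."""
    m = BOUNDS_RE.fullmatch(bounds)
    if not m:
        raise ValueError(f"bad bounds: {bounds!r}")
    return tuple(int(v) for v in m.groups())


def clickable_nodes(xml_dump):
    """Clickable elements with their label and tap centre."""
    out = []
    for node in ET.fromstring(xml_dump).iter("node"):
        if node.get("clickable") != "true":
            continue
        x1, y1, x2, y2 = parse_bounds(node.get("bounds", ""))
        label = node.get("text") or node.get("content-desc") or ""
        out.append({"label": label, "x": (x1 + x2) // 2, "y": (y1 + y2) // 2})
    return out


def plan(xml_dump, confirm_words, tap_words):
    """Keyword planner standing in for the remote model. Returns a JSON string:
    {"action": "done"} once a confirm word is on screen, else a tap or "none"."""
    visible = " ".join(
        f"{n.get('text') or ''} {n.get('content-desc') or ''}"
        for n in ET.fromstring(xml_dump).iter("node")
    ).lower()
    if any(w in visible for w in confirm_words):
        return json.dumps({"action": "done"})
    for n in clickable_nodes(xml_dump):
        if any(w in n["label"].lower() for w in tap_words):
            return json.dumps({"action": "tap", "x": n["x"], "y": n["y"], "target": n["label"]})
    return json.dumps({"action": "none"})


class FakeDevice:
    """Stands in for the Accessibility side: dumps the screen, resolves a
    coordinate tap to the clickable element under it, and switches screen."""

    def __init__(self, screens, transitions, start):
        self.screens, self.transitions, self.state, self.taps = screens, transitions, start, []

    def dump(self):
        return self.screens[self.state]

    def tap(self, x, y):
        hit = None
        for node in ET.fromstring(self.dump()).iter("node"):
            if node.get("clickable") != "true":
                continue
            x1, y1, x2, y2 = parse_bounds(node.get("bounds", ""))
            if x1 <= x < x2 and y1 <= y < y2:
                hit = node.get("text") or node.get("content-desc")
        self.taps.append((x, y, hit))
        self.state = self.transitions.get((self.state, hit), self.state)


def run_loop(device, confirm_words=("pinned",), tap_words=("app icon", "pin"), max_steps=5):
    """dump -> plan -> tap until confirmed. Returns (confirmed, taps_issued).
    The step cap guards against a UI that never reaches the target state;
    planner output that is not valid JSON is treated as a miss, not executed."""
    for step in range(max_steps):
        try:
            instr = json.loads(plan(device.dump(), confirm_words, tap_words))
        except ValueError:
            return False, step
        if instr.get("action") == "done":
            return True, step
        if instr.get("action") != "tap":
            return False, step
        device.tap(instr["x"], instr["y"])
    return False, max_steps
```

Running `run_loop(FakeDevice(SCREENS, TRANSITIONS, "recents"))` walks Recents, the long-press menu and the pinned confirmation in two taps. The point for defenders is structural: because the tap targets come from the live hierarchy rather than hard-coded coordinates or resource IDs, the same loop works across OEM Recents screens, which is what a remote model buys the malware. The observable side effect is the repeated pair of an Accessibility tree dump followed by a network round trip, and the two guards in `run_loop` (a step cap and a refusal to act on unparseable output) are the failure modes any real implementation has to handle.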

Beyond the AI twist it is ordinary spyware: once the Accessibility permission is granted it enables a VNC module for remote control, and it can capture screenshots and screen recordings, enumerate installed apps, and intercept device unlock secrets.

ESET says it is unclear whether this is a proof of concept, but the samples were tied to a domain distributing them and to a fake JPMorgan Chase-themed site, which points to possible real-world use.
