Artificial IntelligenceCyber Security

The Rise of ‘PromptSpy’: Android’s First AI-Driven Malware

Tech News 24x7 Send an email 30 seconds ago
0 0 2 minutes read
Android’s First AI-Driven Malware
Listen to this article

Tech News, New Delhi, 24 February, 2026: Cybersecurity researchers at ESET and Trend Micro have sounded the alarm on a sophisticated new Android threat dubbed PromptSpy (also linked to the OpenClaw framework). This malware represents a paradigm shift in cybercrime: it is the first documented case of mobile malware using Google Gemini AI as a live “reasoning engine” to bypass security and persist on infected devices.

How It Works: The “AI-in-the-Middle” Attack

Unlike traditional malware that follows a rigid script, PromptSpy is dynamic. It essentially “thinks” its way through your phone’s security.

The malware takes a screenshot or an XML dump of your screen and sends it to the Gemini API. It asks the AI questions like: “I am on a Samsung S24; where is the ‘Force Stop’ button located in this menu?”

Using the AI’s response, it employs Android Accessibility Services to perform precise clicks and swipes, mimicking a human user to disable Google Play Protect or grant itself administrative device privileges.

If a user tries to uninstall the app, the AI identifies the coordinates of the “Uninstall” button and instructs the malware to draw an invisible, transparent overlay over it. This makes the button unresponsive to the user’s touch, leading the victim to believe their screen is broken.

Impact and Data Theft

While the AI handles the “break-in,” the malware’s core modules perform the “theft”:

  • Attackers get a real-time view of your screen.

  • It records screen interactions during banking logins or screen-lock entries to steal PINs and passwords.

  • It uses AI to “lock” itself into the Recent Apps list, preventing the Android OS from killing the process during memory cleanup.

Reference & Deep-Dive Links

For technical analysis and indicators of compromise (IoCs), refer to these reports:

  1. ESET Research (WeliveSecurity): PromptSpy ushers in era of Android threats using GenAIDetailed breakdown of the Gemini API communication logs.

  2. Security Affairs: PromptSpy abuses Gemini AI to gain persistent access on Android

  3. PCMag Security Watch: This Android Malware Connects to Google Gemini for Tips on Hacking

  4. The Hacker News: The OpenClaw Crisis: How PromptSpy exploits the AI Agent framework

How to Protect Yourself

Security experts recommend the following immediate actions:

  • Use Safe Mode: If your phone feels “glitchy” or certain buttons won’t press, reboot into Safe Mode to disable the AI overlays and uninstall suspicious apps.

  • Audit Accessibility: Go to Settings > Accessibility and revoke permissions for any app you don’t recognize (watch out for apps named “System Update” or “Google Services”).

  • Monitor API Traffic: If you use a mobile firewall, look for unusual, frequent outbound traffic to generativelanguage.googleapis.com.

Tech News 24x7 Send an email 30 seconds ago
0 0 2 minutes read

Tech News 24x7

Welcome to Tech News – Your daily source for everything tech. We believe in keeping our readers informed with news that truly matters to them. From the latest in AI and Social Media to breakthroughs in Science, Innovation, and Cyber Security, we cover it all. Our commitment is to provide trustworthy content, carefully curated from authorized and credible global sources.

Related Articles

Chennai’s Company Prepares for Takeoff: India’s First Electric Air Taxi Enters “Digital Validation” Phase

1 day ago

AI Revolution in Music: Google Gemini to Create Melodious Tunes from Words!

5 days ago

Ashwini Vaishnaw Inaugurates ‘WAVES Creators’ Corner’ at India AI Impact Summit 2026

6 days ago

Ministry of Education hosts session on “Pushing the Frontier of AI in India” at India AI Impact Summit 2026

7 days ago

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button