
First Generative AI Malware Discovered for Android: PromptSpy Uses Google Gemini to Adapt to Your Phone and Prevent Uninstallation

Written by Fabiano Souza
Published on 24/02/2026 at 12:08

A New Milestone in the Evolution of Cybercrime: PromptSpy Combines Generative AI with Interface Manipulation on Android to Interpret the Screen in Real Time, Generate Dynamic Commands via Google Gemini, and Make Its Own Removal from the System More Difficult

The evolution of cybercrime has just reached a new technical milestone. ESET researchers have identified what they describe as the first Android malware to incorporate generative AI into its operational flow. Named PromptSpy, the malicious code uses Google's Gemini model to interpret information from the device's user interface and generate instructions dynamically, at run time.

Although there is currently no evidence of large-scale campaigns in the wild, the emergence of this Android malware marks the beginning of a new category of threat: malicious code that adapts its behavior through a language model.

Technical Architecture of PromptSpy

Unlike traditional malware, which operates on fixed scripts and pre-programmed rules, PromptSpy inserts an intermediary layer based on natural-language prompts. The process identified by the researchers follows a specific flow:

  1. The malware collects data about the user interface through the Android accessibility service API.
  2. It generates an XML document describing the elements currently visible on the screen.
  3. It sends this content, as a prompt, to the Gemini model.
  4. It receives structured instructions in JSON as the response.
  5. It executes actions based on the interpretation returned by the model.

This approach allows the malware to adapt its navigation to the operating system version, language, layout, or manufacturer customizations. Instead of relying on fixed coordinates or a predictable interface, the code semantically interprets the graphical environment.

Technically, this represents a leap in operational flexibility.

Persistence and Interface Manipulation

The main objective identified in PromptSpy is to ensure persistence on the compromised device. The malware installs a remote-control module based on VNC (Virtual Network Computing), allowing the operator to view and interact with the victim's screen.

To avoid removal, the code uses invisible overlays and manipulates the recent-apps list. Following the instructions generated by the Gemini model, the malware keeps the malicious application active and repositions its own task within the system's recent-apps stack.

This mechanism reduces the effectiveness of the usual force-stop and uninstall attempts. In certain scenarios, the only way to remove it may be a full reset of the device to factory settings.

Additionally, PromptSpy abuses accessibility permissions to:

  • Capture data displayed on the screen
  • Record unlock patterns
  • Intercept PIN inputs
  • Collect credentials entered manually

The combined use of these techniques significantly increases the risk of financial and identity compromise.
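Both the prompt flow described above and the persistence section hinge on the same two Android capabilities: an enabled accessibility service (to read the screen and inject actions) and the overlay permission (to draw invisible windows over other apps). A practical first check during triage is therefore to list which third-party apps hold both. The helper below is an added example, not code from the article or from ESET; it parses the text output of two real adb commands (`adb shell settings get secure enabled_accessibility_services` and `adb shell appops get <package> SYSTEM_ALERT_WINDOW`) but runs offline on constructed sample output. The allow-list and the sample package `com.example.update` are assumptions for illustration.

```python
"""Triage helper: flag Android apps that hold both an enabled accessibility
service and the overlay (SYSTEM_ALERT_WINDOW) permission.

Added example, not code from the article or from ESET. It parses the text
output of two real adb commands but uses constructed sample output so it runs
offline:
    adb shell settings get secure enabled_accessibility_services
    adb shell appops get <package> SYSTEM_ALERT_WINDOW
"""
import re

# Assumption for this example: services a given fleet considers legitimate.
KNOWN_GOOD_SERVICES = {
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService",
}

# Constructed sample of the settings value. Android stores it as
# package/class entries separated by ':'; a class starting with '.' is
# relative to its package. The package name here is hypothetical.
SAMPLE_ENABLED_SERVICES = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.update/.svc.UiReader"
)

# Constructed sample of `appops get <pkg> SYSTEM_ALERT_WINDOW`, keyed by package.
SAMPLE_APPOPS = {
    "com.google.android.marvin.talkback": "SYSTEM_ALERT_WINDOW: deny",
    "com.example.update": "SYSTEM_ALERT_WINDOW: allow; time=+3h12m4s ago",
}


def parse_enabled_services(raw):
    """Return (package, fully qualified class) pairs from the settings value.

    An empty value or the literal string 'null' means no service is enabled.
    """
    raw = (raw or "").strip()
    if raw in ("", "null"):
        return []
    pairs = []
    for entry in raw.split(":"):
        if "/" not in entry:
            continue  # malformed fragment; skip rather than guess
        pkg, cls = entry.split("/", 1)
        if cls.startswith("."):
            cls = pkg + cls  # expand the short component form
        pairs.append((pkg, cls))
    return pairs


def overlay_allowed(appops_line):
    """True if the appops output reports the overlay op in 'allow' mode.

    Modes other than 'allow' (deny, ignore, default) are treated as not granted.
    """
    m = re.search(r"SYSTEM_ALERT_WINDOW:\s*(\w+)", appops_line or "")
    return bool(m) and m.group(1) == "allow"


def triage(enabled_raw, appops_by_pkg, known_good=KNOWN_GOOD_SERVICES):
    """Flag every enabled accessibility service outside the allow-list.

    Severity is 'high' when the same package also holds the overlay
    permission, the combination the article describes, else 'medium'.
    """
    findings = []
    for pkg, cls in parse_enabled_services(enabled_raw):
        service = f"{pkg}/{cls}"
        if service in known_good:
            continue
        has_overlay = overlay_allowed(appops_by_pkg.get(pkg, ""))
        findings.append({
            "package": pkg,
            "service": service,
            "overlay": has_overlay,
            "severity": "high" if has_overlay else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_ENABLED_SERVICES, SAMPLE_APPOPS):
        print(f"[{f['severity']}] {f['service']} overlay={f['overlay']}")
```

On the sample input the script reports a single high-severity finding for the hypothetical `com.example.update` package. In practice, feed it the real adb output: because adb talks to the package manager directly rather than through the Settings UI, overlays and recent-apps manipulation that block on-device removal do not interfere with `adb shell settings get` or with a subsequent `adb uninstall`.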

The Role of Generative AI in the Threat

It is important to note that the generative AI does not execute the attack autonomously. It acts as a mechanism for interpretation and contextual decision-making.

Traditionally, Android malware has to be adapted by hand to each interface it targets, and a change in the system version can break its automation scripts. By integrating a language model, PromptSpy outsources the interpretation of the interface to an AI that works from a textual description of the screen.

This means that the malware can, for example, “understand” that a settings button is present even if its position or appearance changes. Instead of searching for fixed coordinates, it semantically interprets the function of the element.

This model reduces the need for constant updates by the attacker, increasing the potential scalability of the threat.

Origin and Current Stage

PromptSpy was identified in public malware-sample repositories such as VirusTotal. So far, there is no public confirmation of widespread distribution campaigns, and the researchers suggest that the code may be a proof of concept or an early testing phase.

There were also indications that its command-and-control domains were already inactive, reinforcing the hypothesis of technical experimentation.

Despite this, the importance of the case lies not in the volume of infections, but in structural innovation. Android malware with generative AI marks the beginning of a quickly evolving attack model.

Implications for Cybersecurity

The integration of language models into malicious code changes the defense paradigm. Signature-based detection may have more difficulty identifying adaptive, AI-driven behavior. The model call itself, however, is also an observable: the app has to authenticate to the Gemini API, which implies an embedded or fetched credential and network traffic to the model endpoint that defenders can monitor and the provider can revoke.

Moreover, the real-time personalization of attacks may reduce repetitive patterns that would facilitate automated blocking.

Experts point out that the next step could involve:

  • Complete automation of social engineering via AI
  • Dynamic adjustment of the payload according to the user's profile
  • Targeting of multiple banking apps without hardcoded per-app logic

As language models become more accessible, the technical cost of incorporating AI into malware is likely to decrease.

A Symbolic Milestone in the Evolution of Cybercrime

Historically, each technological leap is eventually appropriated by malicious actors. The emergence of PromptSpy confirms that generative AI has definitively entered the cybercrime arsenal.

Even though this specific case does not yet represent a large-scale threat, it signals a structural shift: Android malware is no longer merely automated but now incorporates a capability for contextual interpretation.

This transition could redefine the balance between attack and defense in the coming years. And, while PromptSpy is just the first documented case, it is unlikely to be the last.
