First Android Malware Using Generative AI Discovered
▼ Summary
– ESET researchers discovered PromptSpy, the first known Android malware to abuse generative AI (Google’s Gemini) within its execution flow to achieve persistence.
– The malware’s primary purpose is to deploy a VNC module for remote device access, and it can capture lockscreen data, block uninstallation, and record screen activity.
– PromptSpy uses a predefined AI prompt to generate instructions for pinning the malicious app in the recent apps list, making it adaptable to different device layouts and versions.
– The financially motivated campaign primarily targets users in Argentina and is distributed via a dedicated website, not Google Play, though Google Play Protect blocks known versions.
– Victims can only remove the malware by rebooting their device into Safe Mode to uninstall it, as it blocks normal uninstallation with invisible screen overlays.
Cybersecurity researchers have identified a novel Android threat, marking the first instance where generative artificial intelligence has been integrated into a malware’s operational process to maintain persistence on a device. Dubbed PromptSpy, this malicious software leverages Google’s Gemini AI model to automate on-screen navigation, making it harder to remove and significantly broadening its potential impact across different Android versions and device layouts.
The malware’s primary function is to deploy a VNC (Virtual Network Computing) module, granting attackers remote control over an infected smartphone. It achieves persistence by using a pre-defined prompt to instruct the Gemini model on how to manipulate the device’s user interface, specifically to “lock” the malicious app in the recent apps list. This locking mechanism, often indicated by a padlock icon, prevents users from easily swiping the app away or having the system terminate it. Beyond this AI-driven feature, PromptSpy abuses Android’s Accessibility Services to block uninstallation attempts with invisible screen overlays. It also harvests sensitive information, including lockscreen data and device details, while possessing the capability to capture screenshots and record screen activity as video.
According to the analysis, the campaign appears financially motivated and has primarily targeted users in Argentina. The malware is distributed through a dedicated website and has never been available on the official Google Play Store. The malicious application disguises itself as a banking app, using the name MorganArg and an icon reminiscent of JPMorgan Chase, suggesting an impersonation tactic aimed at Argentine users. All communication between the infected device and the attacker’s command server is secured using AES encryption.
For users who find their device infected, removal is challenging due to the uninstallation blocking. The recommended method is to reboot the device into Safe Mode. In this state, third-party applications are disabled, allowing the user to uninstall the malicious app normally. The typical process involves pressing and holding the power button, then long-pressing the “Power off” option to select “Reboot to Safe Mode,” though steps can vary by manufacturer. Once in Safe Mode, navigating to Settings, then Apps, finding “MorganArg,” and selecting uninstall should remove the threat.
While this specific variant of PromptSpy has not been widely observed in active telemetry, indicating it may be a proof-of-concept, its discovery underscores a concerning trend. The integration of generative AI, even in a limited capacity, provides threat actors with a tool to automate complex UI interactions, dramatically increasing the malware’s adaptability and potential victim pool across diverse devices. Security experts note that Android devices with Google Play Services enabled are automatically protected against known versions of this malware through Google Play Protect.
(Source: HelpNet Security)
