PromptSpy ushers in the era of Android threats using GenAI (www.welivesecurity.com)

ESET researchers have identified PromptSpy, the first known Android malware that utilizes generative AI to manipulate the user interface, specifically for achieving persistence on compromised devices. This malware employs Google's Gemini AI to interpret on-screen elements and provide dynamic instructions on how to keep the malicious app pinned to the recent apps list, effectively making it more resilient against user intervention. While the generative AI component is limited to this persistence function, its ability to adapt to various device layouts and operating system versions significantly broadens the scope of potential victims, marking a notable evolution in malware capabilities. Significantly, PromptSpy not only leverages advanced AI for UI manipulation but also incorporates traditional malicious functions, such as deploying a remote access module and capturing sensitive device information. The discovery highlights the continuing rise of AI-assisted tactics in cybercrime, offering attackers automation opportunities that were previously challenging with conventional scripting methods. Targeting users primarily in Argentina and exhibiting characteristics indicative of development in a Chinese-speaking environment, PromptSpy represents a sophisticated threat within the AI/ML community, raising alarms about the future landscape of malware and user security.