ESET discovered the first Android virus using Google Gemini – PromptSpy


What is PromptSpy?

ESET researchers have identified a new Android malware family called PromptSpy. It is the first Android malware known to interact directly with Google's Gemini chatbot through its API, using generative AI to keep itself running on an infected device.

How PromptSpy Works

1. Connecting to Gemini

The malware sends pre-prepared requests to Gemini and receives step-by-step instructions in reply. Using those instructions it analyses the device's screen (for example, by recognising on-screen images) and works out how to keep itself in the recent-apps list.

2. Installing a Remote Access Module

After the user agrees to install the MorganArg app (which is in fact the malware), PromptSpy connects to an attacker-controlled server and downloads the rest of its code. This includes a VNC (Virtual Network Computing) remote-desktop module, and the app requests accessibility service access, which together give the operator remote control over the Android device.

3. Bypassing Normal Removal Methods

The malware draws transparent overlay rectangles on the screen that block touches in critical areas, making it difficult to force-close or uninstall the app. It can only be removed in safe mode, where third-party apps are disabled.

4. Additional Features

- Ability to intercept screen‑lock PIN codes.
- Recording on‑screen actions (swipes, text input).
- Mimicking physical interaction with the device, as if an operator were holding the phone.

Origin and Purpose of the Attack

- Regional Targeting: The phishing site that distributed PromptSpy used the branding *JPMorgan Chase Argentina*, indicating that its intended victims are users in Argentina.
- Appearance on the Internet: The malware came to light after samples were uploaded from Argentina to Google's VirusTotal platform.
- Chinese Traces: The code contains fragments in Chinese, confirming speculation that the malware was developed in China.

How to Protect Yourself

- Google Play Protect: According to ESET, Google's protection service already blocks PromptSpy, and the app has not appeared on the Play Store.
- OS and App Updates: Install the latest Android security updates and download software only from trusted sources.
- Permission Caution: Do not accept installation requests for unverified apps, especially if they ask for accessibility service access.
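The two grants that PromptSpy depends on, accessibility service access (section 2) and the ability to draw overlays that block touches (section 3), are both visible from outside the app. The script below is an added example, not ESET's tooling or anything from the PromptSpy analysis: it parses the output of two adb commands and flags any package that is not on an operator-maintained allowlist and holds either grant, ranking packages that hold both highest. The sample outputs, the allowlist and the package name `com.example.morganarg` are constructed for the example; the `appops query-op` command form is an assumption to confirm on the target Android version.

```python
"""Audit accessibility-service and overlay grants on an Android device.

Added example. It assumes output captured from these adb commands:
  adb shell settings get secure enabled_accessibility_services
  adb shell appops query-op SYSTEM_ALERT_WINDOW allow   # form assumed
The sample strings below are constructed, not real device output.
"""

# Constructed output of `settings get secure enabled_accessibility_services`.
# Entries are "package/ServiceClass" separated by ':'; "null" means none.
ACCESSIBILITY_RAW = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.morganarg/.RemoteControlService"
)

# Constructed output of `appops query-op SYSTEM_ALERT_WINDOW allow`:
# one package name per line.
OVERLAY_RAW = """com.android.systemui
com.example.morganarg
com.whatsapp
"""

# Packages the operator has vetted. Anything else holding a grant is flagged.
TRUSTED = {
    "com.google.android.marvin.talkback",
    "com.android.systemui",
    "com.whatsapp",
}


def parse_accessibility_services(raw):
    """Return the package names of all enabled accessibility services."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    return [entry.split("/", 1)[0] for entry in raw.split(":") if entry]


def parse_overlay_packages(raw):
    """Return the package names allowed to draw over other apps."""
    return [line.strip() for line in raw.splitlines() if line.strip()]


def severity(reasons):
    """A package that can both read the screen and block touches is the
    combination described for PromptSpy, so it ranks highest."""
    return "high" if len(reasons) == 2 else "medium"


def audit(accessibility_raw, overlay_raw, trusted):
    """Map each non-allowlisted package to the grants it holds."""
    a11y = set(parse_accessibility_services(accessibility_raw))
    overlay = set(parse_overlay_packages(overlay_raw))
    findings = {}
    for pkg in sorted((a11y | overlay) - trusted):
        reasons = []
        if pkg in a11y:
            reasons.append("accessibility")
        if pkg in overlay:
            reasons.append("overlay")
        findings[pkg] = reasons
    return findings


if __name__ == "__main__":
    for pkg, reasons in audit(ACCESSIBILITY_RAW, OVERLAY_RAW, TRUSTED).items():
        print(f"{severity(reasons):6} {pkg}: {', '.join(reasons)}")
    # A "high" finding on an app the user cannot close is the cue to reboot
    # into safe mode, where third-party apps are disabled, and uninstall it.
```

On a real device, pipe the two adb outputs into the parsers instead of the constructed strings and keep the allowlist under version control, so an unexpected accessibility or overlay grant shows up as a diff rather than something a user has to notice.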

Conclusion

PromptSpy demonstrates a new level of malware interaction with generative AI services. With Gemini's help the malware can adapt to any device and OS, increasing the risk of infection. Although it is difficult to remove, safe mode allows you to get rid of it, and the built-in Google Play Protect mechanisms already protect users against it.
