Android malware is now using Google’s own Gemini AI to adapt in real time

Published: February 20, 2026 at 01:19 PM EST

Source: Android Authority

TL;DR

  • Researchers have identified the first known Android malware to use generative AI during execution.
  • The malware queries Google’s Gemini model to adapt its behavior across different Android devices.
  • It may be a proof‑of‑concept version, but it signals a shift toward more dynamic AI‑assisted attacks.

Overview

It’s been a worrying week on the Android malware front. On Tuesday, we learned of tablets shipping with hidden malware already embedded in their firmware. Now, researchers say they’ve spotted something arguably more futuristic: Android malware that uses Google’s own Gemini AI model during execution.

PromptSpy Malware Family

According to a report highlighted by BleepingComputer, ESET researchers have uncovered a new Android malware family dubbed PromptSpy. Unlike traditional malware that relies entirely on hard‑coded instructions, this strain queries Google’s Gemini generative AI model at runtime to help it carry out part of its behavior.

The malware sends Gemini information about what’s currently visible on the infected device’s screen and asks for guidance on what to do next. This allows it to adapt to differences between Android devices and interfaces, rather than relying on a rigid script that might only work on certain models.

ESET says this is the first known example of Android malware integrating generative AI directly into its execution flow. While the AI component is used for only one feature in this example, it shows how attackers can leverage publicly available AI tools to make malware more flexible and harder to defend against.

Capabilities

  • Remote access module – built‑in backdoor for command‑and‑control communication.
  • Data collection – gathers installed apps, lock‑screen credentials, and other sensitive information once the required permissions are obtained.
  • Persistence & evasion – interferes with attempts to disable or remove the malware, making remediation more difficult.

Distribution and Prevalence

ESET has not observed PromptSpy or its dropper in its telemetry, so it is uncertain whether the malware is actively spreading. However, samples were distributed via a dedicated domain and impersonated a major bank, suggesting the campaign may be more than a pure proof‑of‑concept.

Implications

Even if its reach is limited for now, the broader takeaway is clear: generative AI is not only being used to create malicious content; it is beginning to shape how malware behaves in real time. The fact that attackers are turning Google’s own AI tools against Android heightens the concern, and the security community is awaiting a response from Google.

