PromptSpy Malware Uses Gemini AI To Lock Itself On Androids
Your smartphone may soon face an adversary that adapts at run time. Cybersecurity researchers have uncovered a new Android spyware, PromptSpy, that hands part of its decision making to Google's Gemini model while it runs. Instead of following a fixed script, it asks the model how to navigate the screen of the device it has infected, and uses the answer to lock itself into a persistent position on the phone.
A New Era of Smart Viruses
For years, mobile malware was static and predictable. An attacker wrote a script, and that script did exactly what it was told to do. If the script did not match the victim's phone model, the attack failed. That limitation is now disappearing.
According to ESET, PromptSpy is the first known case of Android malware integrating generative AI directly into its execution.
This discovery marks a turning point in mobile security. The malware does not only carry a pre-written list of instructions; it carries a connection to an external model. By querying a Large Language Model (LLM), it can look at what is on the screen and decide what to do next.
This adaptability solves a major problem for hackers. Android phones come in thousands of shapes and sizes. A Samsung device operates differently than a Pixel or a Xiaomi. The settings menus look different. The buttons are in different places. Writing a single script to navigate all these variations is nearly impossible.
PromptSpy sidesteps this by asking the model for help. It behaves like a human user looking at the screen and deciding where to tap.
How the AI Loop Works
The primary goal of the AI integration is survival. The malware wants to lock itself in the Recent Apps list. When an app is locked there, the system's "clear all" and battery-saving cleanup leave it alone, so the malware can keep running in the background.
The process is surprisingly complex and mimics human problem solving.
Here is how PromptSpy interacts with Google Gemini:
- Capture: The malware captures the current screen and the layout of its interactive elements.
- Ask: It sends this data to the Gemini model together with a specific question about how to lock the app.
- Learn: The model analyzes the screen and tells the malware which element to tap, as screen coordinates.
- Execute: The malware performs the tap through Android Accessibility Services.
- Verify: It repeats the cycle until the model confirms the app is locked.
This loop continues until the malware secures its place on the device, which means it can adapt to phone models that did not exist when the code was written.
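To make the loop concrete, here is an added simulation of the capture/ask/execute/verify cycle described above. It is not PromptSpy's code or ESET's analysis: the two phone "layouts", the control labels and coordinates, and the device object are all constructed, and the `stub_model` function is a keyword heuristic standing in for a Gemini call (no network). The point it demonstrates is the one the article makes: a script with recorded coordinates works on the layout it was recorded on and fails on another, while a loop that re-reads the screen and asks for the next tap succeeds on both. The loop is bounded by `max_steps` so it cannot spin forever.

```python
import re
from dataclasses import dataclass, field


# Constructed UI control: a label (what an accessibility dump would expose),
# screen-space bounds, and what tapping it does on this fake device.
@dataclass
class Control:
    label: str
    bounds: tuple          # (left, top, right, bottom) in pixels
    effect: str = ""       # "open_menu", "lock" or "" (no-op)


@dataclass
class FakeDevice:
    """Stand-in for a phone's Recent Apps UI. Layout differs per 'model'."""
    screens: dict
    screen: str = "recents"
    locked: bool = False
    taps: list = field(default_factory=list)

    def dump(self):
        """What a view dump exposes to the loop: labels and bounds, nothing else."""
        return [{"label": c.label, "bounds": c.bounds} for c in self.screens[self.screen]]

    def tap(self, x, y):
        """Apply a tap; returns the label hit, or None for empty space."""
        self.taps.append((x, y))
        for c in self.screens[self.screen]:
            l, t, r, b = c.bounds
            if l <= x <= r and t <= y <= b:
                if c.effect == "open_menu":
                    self.screen = "menu"
                elif c.effect == "lock":
                    self.locked = True
                return c.label
        return None


# Two constructed layouts for the same "lock in recents" feature on different
# phone models: different labels, different positions, different menu path.
LAYOUT_A = {
    "recents": [Control("App icon", (40, 120, 120, 200), "open_menu"),
                Control("Close all", (300, 1200, 500, 1260))],
    "menu":    [Control("Lock this app", (60, 260, 380, 320), "lock"),
                Control("App info", (60, 340, 380, 400))],
}
LAYOUT_B = {
    "recents": [Control("Clear all", (40, 1180, 220, 1240)),
                Control("More options", (640, 60, 720, 140), "open_menu")],
    "menu":    [Control("Keep open", (400, 520, 700, 580), "lock"),
                Control("Split screen", (400, 600, 700, 660))],
}


def center(bounds):
    l, t, r, b = bounds
    return (l + r) // 2, (t + b) // 2


def stub_model(view, goal):
    """Stand-in for the LLM (assumption: a real implementation would send
    `view` and `goal` to the model API). A keyword heuristic mimics the
    model's answer: prefer a control that locks, else one that opens a menu."""
    lock_words = re.compile(r"lock|pin|keep open", re.I)
    menu_words = re.compile(r"icon|more|options|menu", re.I)
    for pattern in (lock_words, menu_words):
        for element in view:
            if pattern.search(element["label"]):
                x, y = center(element["bounds"])
                return {"action": "tap", "x": x, "y": y}
    return {"action": "give_up"}


def scripted_lock(device):
    """The old approach: coordinates recorded once on LAYOUT_A, replayed blindly."""
    for x, y in ((80, 160), (220, 290)):
        device.tap(x, y)
    return device.locked


def adaptive_lock(device, model=stub_model, max_steps=6):
    """Capture -> ask -> execute -> verify, bounded so it cannot loop forever."""
    for _ in range(max_steps):
        if device.locked:                                                # verify
            return True
        decision = model(device.dump(), "lock this app in Recent Apps")  # capture + ask
        if decision["action"] != "tap":
            return False
        device.tap(decision["x"], decision["y"])                         # execute
    return device.locked


if __name__ == "__main__":
    for name, layout in (("A", LAYOUT_A), ("B", LAYOUT_B)):
        print(f"layout {name}: scripted={scripted_lock(FakeDevice(layout))} "
              f"adaptive={adaptive_lock(FakeDevice(layout))}")
```

Running it prints that the scripted version locks only on layout A while the adaptive version locks on both. The same structure is what makes the technique hard to defeat by changing menus alone: the defence has to target the capabilities the loop depends on (the accessibility service that reads the screen and injects taps), not the specific screen it navigates.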
Total Control and Spyware Features
While the use of AI is the headline, the purpose of PromptSpy is classic espionage. Once it secures its position on your phone, it opens the door for total remote control.
The malware includes a module for Virtual Network Computing (VNC). This technology allows the attacker to see your screen in real time and control it as if they were holding the phone in their hand.
According to the analysis by ESET researcher Lukas Stefanko, the capabilities of this spyware are extensive.
- Credential Theft: It can steal your lock screen PIN or password.
- Visual Recording: It can record videos of you unlocking your phone or capture screenshots on demand.
- Data Exfiltration: It uploads lists of your installed apps and reports what you are doing on the screen.
The malware also protects itself aggressively. If you realize something is wrong and try to uninstall the app, PromptSpy fights back.
It detects when the user is on the settings screen trying to remove it, and places a transparent layer over the "Uninstall" or "Stop" buttons. A tap meant for the button lands on the overlay instead, hitting a dead zone or a different control entirely. The malware effectively blocks its own removal at the user-interface level.
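Both tactics described on this page, screen reading and tap injection through Accessibility Services and the transparent overlay over the "Uninstall" button, depend on permissions a user can enumerate with ADB. The following triage helper is an added example, not from ESET's analysis or the malware, that flags non-allowlisted packages registered as accessibility services and marks those that can also draw overlays as high severity. It takes the raw text of `adb shell settings get secure enabled_accessibility_services` and, per package, `adb shell appops get <package> SYSTEM_ALERT_WINDOW`; the sample strings below are constructed, the package names are fictional, and the assumption that the appops line reads `SYSTEM_ALERT_WINDOW: allow` when overlays are permitted may vary by Android version.

```python
# Constructed sample of `settings get secure enabled_accessibility_services`:
# colon-separated component names; a class starting with "." is shorthand
# for "<package>.<class>". TalkBack is a legitimate screen reader.
SAMPLE_ENABLED = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.dropper/.ui.AssistService"
)

# Constructed sample of `appops get <pkg> SYSTEM_ALERT_WINDOW` per package.
SAMPLE_APPOPS = {
    "com.google.android.marvin.talkback": "SYSTEM_ALERT_WINDOW: default",
    "com.example.dropper": "SYSTEM_ALERT_WINDOW: allow; time=+2h13m5s ago",
    "com.example.banking": "No operations.",
}

# Assumed-benign accessibility services; extend for the device under review.
DEFAULT_ALLOWLIST = frozenset({"com.google.android.marvin.talkback"})


def parse_enabled_services(value):
    """Return {package: fully-qualified service class} from the setting value.
    An unset setting prints 'null', which yields an empty mapping."""
    services = {}
    value = value.strip()
    if not value or value == "null":
        return services
    for component in value.split(":"):
        pkg, _, cls = component.partition("/")
        if cls.startswith("."):
            cls = pkg + cls
        services[pkg] = cls
    return services


def overlay_allowed(appops_text):
    """True when the first line reports mode 'allow' for SYSTEM_ALERT_WINDOW.
    Assumption: format 'SYSTEM_ALERT_WINDOW: <mode>[; ...]' as printed by appops."""
    first = appops_text.strip().splitlines()[0] if appops_text.strip() else ""
    if not first.startswith("SYSTEM_ALERT_WINDOW:"):
        return False
    mode = first.split(":", 1)[1].split(";", 1)[0].strip()
    return mode == "allow"


def triage(enabled_value, appops_by_pkg, allowlist=DEFAULT_ALLOWLIST):
    """Flag every non-allowlisted accessibility service; escalate to 'high'
    when the same package may also draw overlays (the combination the
    uninstall-blocking trick needs)."""
    findings = []
    for pkg, cls in parse_enabled_services(enabled_value).items():
        if pkg in allowlist:
            continue
        overlay = overlay_allowed(appops_by_pkg.get(pkg, ""))
        findings.append({
            "package": pkg,
            "service": cls,
            "overlay": overlay,
            "severity": "high" if overlay else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_ENABLED, SAMPLE_APPOPS):
        print(f"[{finding['severity']}] {finding['package']} "
              f"service={finding['service']} overlay={finding['overlay']}")
```

On a real device, feed the two commands' output into `triage`; a package you do not recognise with both capabilities is worth removing from a recovery or safe-mode context rather than through the normal settings screen, since that is exactly the screen the overlay is designed to hijack.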
Is Your Device at Risk?
The origins of this threat appear to trace back to earlier versions known as VNCSpy. Samples of the code were uploaded from Hong Kong in January 2026, followed by more advanced versions from Argentina in February.
Researchers at ESET note that they have not yet seen it spread widely in their telemetry. This could mean the malware is currently a proof of concept or a test run by attackers still refining the technique.
However, there is evidence suggesting it may be active in targeted attacks. The malware uses dedicated web domains that mimic legitimate services. One domain impersonates the JPMorgan Chase Bank website. This suggests the hackers are using it for financial fraud or targeted phishing campaigns.
This development aligns with recent reports from Google Threat Intelligence. They warned earlier this month that state-sponsored hackers are increasingly using tools like Gemini to improve their attacks. Malware is moving from static scripts to adaptive, AI-assisted tooling.
The arrival of PromptSpy signals that the safety nets of the past are no longer sufficient. Defenders now face malware that delegates decisions to a model that "looks" at the screen and adapts to what it sees. Security is no longer just about patching holes; it is about outsmarting an opponent that adjusts to its environment. As this technology becomes cheaper and more accessible, we are likely to see more malware that behaves less like a fixed program and more like an agent.
What is your take on AI tools being weaponized so quickly? Should tech companies restrict how their AI models answer technical prompts?