Early mobile malware just clicked randomly or showed fake logins, like using a sledgehammer. But PromptSpy, recently discovered by researchers, acts more like a master locksmith—precise and sophisticated.
The AI Revolution in Crime
PromptSpy has been called the first Android malware to actively use Generative AI, specifically the Google model Gemini. This AI enables the malware to analyze new information from the device. Traditionally, malware had to be programmed to perform specific tasks. For example, if a banking app updated its UI, the hard-coded virus would fail because it could not adapt.
PromptSpy operates differently. After infecting a device, it uses the phone’s features to take actions like screenshots or reading on-screen text. Instead of following a set script, it sends the gathered data to an AI model, which interprets what it sees. The AI analyzes the user interface, identifies which screen is visible (e.g., a bank login), and determines where sensitive information is located or where actions such as money transfers can be performed. The AI then instructs the malware on what steps to take.
Contextual Understanding
Old malware is like a blindfolded burglar feeling for the safe. PromptSpy is the thief that gets the blueprint from an expert via a quick photo. It uses Large Language Models (LLMs) for context.
This AI-powered approach makes it easier for malware to bypass complex security measures, such as Two-Factor Authentication (2FA). If a One-Time Password (OTP) appears on the screen, the AI recognizes and extracts the relevant numbers directly from what’s displayed, eliminating the need for traditional SMS interception techniques.
The Persistence Problem
PromptSpy also uses AI to maintain “persistence,” learning to hide itself based on the phone model and Android version. On Samsung, it hides one way; on Pixel, it adjusts.
This marks a new era where defense is extremely difficult. If productivity tools like AI are turned against us, systems must distinguish malicious from legitimate behavior while blocking threats. Google and security companies are scrambling to patch these vulnerabilities, but the genie is out of the bottle.
