
Joe Maring / Android Authority
TL;DR
- Researchers have identified the first known Android malware to use generative AI during execution.
- The malware queries Google’s Gemini model to adapt its behavior across different Android devices.
- It may be a proof-of-concept version, but it signals a shift toward more dynamic AI-assisted attacks.
Update: February 20, 2026 (05:12 PM ET): Following our request for comment and the publication of the original article below, a Google spokesperson provided us with the following statement:
“Based on our current detection, no apps containing this malware are found on Google Play. Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play.”
The ESET researchers had already shared their findings with Google, and similar assurances to those in the statement above are echoed in the report. Despite the capabilities this malware demonstrates, there appears to be very little risk to Android users at this stage.
Original article: February 20, 2026 (01:19 PM ET): It’s been a worrying week on the Android malware front. On Tuesday, we learned of tablets shipping with hidden malware already embedded in their firmware. Now, researchers say they’ve spotted something arguably more futuristic: Android malware that uses Google’s own Gemini AI model during execution.
According to a report highlighted by BleepingComputer, ESET researchers have uncovered a new Android malware family dubbed PromptSpy. Unlike traditional malware that relies entirely on hardcoded instructions, this strain queries Google’s Gemini generative AI model at runtime to help it carry out part of its behavior. In this case, the malware sends Gemini information about what’s currently visible on the infected device’s screen and asks for guidance on what to do next. That allows it to adapt to differences between Android devices and interfaces, rather than relying on a rigid script that might only work on certain models.


ESET says this is the first known example of Android malware integrating generative AI directly into its execution flow. While the AI component is used for only one feature in this example, it shows how attackers can leverage publicly available AI tools to make malware more flexible and harder to design against.
Beyond the disturbing AI development, PromptSpy functions as spyware. It reportedly includes a built-in remote access module and can collect information such as installed apps and lockscreen credentials once it gains the necessary permissions. It also attempts to make removal more difficult by interfering with efforts to disable it.
So far, ESET says it hasn’t observed PromptSpy or its dropper in its telemetry, making it unclear whether the malware is actively spreading or remains closer to a proof-of-concept. However, researchers noted that the samples were distributed via a dedicated domain and impersonated a major bank, suggesting they may not be purely experimental.
Even if its reach and scope are limited for now, the broader takeaway is hard to ignore. Generative AI isn’t just being used to create malicious content; it’s starting to shape how malware behaves in real time. Attackers using Google’s own AI tools against Android in this instance only adds to the concern, and we’ve reached out to Google for comment on the matter. We’ll update this article with any response we receive.
