Google Gemini has been weaponized by the novel PromptSpy malware to ensure persistence in targeted devices, marking the first known use of generative AI in an Android malware, reports The Cyber Express.Threat actors have tapped phishing websites spoofing Chase Bank for PromptSpy distribution as part of financial fraud campaigns mainly aimed at Argentina-based Android users, according to findings from ESET researchers. While other illicit Android payloads use fixed coordinates or UI element identifiers across various skins, PromptSpy sends prompts to Gemini along with XML dumps to achieve app locking before launching a VNC module enabling remote access to breached devices.PromptSpy, which has been linked to Chinese threat actors, also harnesses Accessibility Services permissions to facilitate the execution of action instructions and prevent its deletion from devices. Removal of the Gemini-exploiting malware, which is still in proof-of-concept stage, necessitates booting to Safe Mode, researchers added.
Malware, AI/ML
Unprecedented generative AI-harnessing Android malware emerges

An In-Depth Guide to AI
Get essential knowledge and practical strategies to use AI to better your security program.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
Related Terms
AdwareYou can skip this ad in 5 seconds



