
"ESET calls it PromptSpy, malware whose primary goal is to deploy a VNC module that hands hackers remote control of infected devices. The Slovak security shop's experts said PromptSpy comes with capabilities to instruct Google's Gemini chatbot to interpret parts of the device's user interface using natural language prompts. These prompts allow the malware to examine the user interface, which then informs the gestures it needs to execute on the device in order to keep the malicious app pinned to its recent apps list."
"Lukas Stefanko, malware researcher at ESET, said the use of GenAI amounts to only a small portion of the malware's toolkit, but allows it to adapt to different devices. "The AI model and prompt are predefined in the code and cannot be changed," he wrote. "Since Android malware often relies on UI navigation, leveraging generative AI enables the threat actors to adapt to more or less any device, layout, or OS version, which can greatly expand the pool of potential victims.""
PromptSpy is Android malware designed to deploy a VNC module that grants remote control of infected devices. The malware uses generative AI (Google's Gemini) to analyze an XML dump of the current screen and interpret the user interface via natural language prompts. Gemini returns JSON instructions specifying actions and coordinates, which the malware executes to keep the malicious app pinned in the recent apps list. The AI model and prompt are embedded in the code and cannot be changed. The generative AI component is only a small part of the toolkit, but it lets the malware adapt to different device layouts and OS versions. Samples appeared on VirusTotal in January, with some submissions from Argentina. Code analysis indicates Chinese-language development and a likely financial motive.
Read at Theregister