PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence
Briefly

"Gemini is used to analyze the current screen and provide PromptSpy with step-by-step instructions on how to ensure the malicious app remains pinned in the recent apps list, thus preventing it from being easily swiped away or killed by the system."
"Since Android malware often relies on UI navigation, leveraging generative AI enables the threat actors to adapt to more or less any device, layout, or OS version, which can greatly expand the pool of potential victims."
PromptSpy is Android malware that integrates Google's Gemini generative AI into its execution flow to achieve persistence. The malware hard-codes the model name and a prompt that assigns Gemini the persona of an 'Android automation assistant', then submits an XML dump of the current screen listing every UI element. Gemini returns JSON instructions specifying actions and tap coordinates, which the malware replays as automated UI interactions until the app is pinned in the recent apps list. PromptSpy captures lockscreen data, screenshots and screen video, collects device information, and deploys a built-in VNC module for remote access. It abuses accessibility services and invisible overlays to block uninstallation and communicates with a hard-coded command-and-control server. Because the generative AI interprets whatever screen it is shown, the malware can adapt to different device layouts and OS versions, expanding the pool of potential victims.
Read at The Hacker News