
ESET researcher Lukáš Štefanko said that while GenAI plays only a minor role in PromptSpy's execution flow, it could have a significant impact on the malware's potential adaptability. "Since Android malware often relies on UI-based navigation, leveraging generative AI enables threat actors to adapt to more or less any device, layout, or operating system version, which can greatly increase the pool of potential victims," he said.
"Even though PromptSpy uses Gemini in just one of its features, it still demonstrates how implementing these tools can make malware more dynamic, giving threat actors ways to automate actions that would normally be more difficult with traditional scripting." Štefanko said that based on localisation clues and distribution vectors, PromptSpy seems to be run by a financially motivated threat actor, exploits Morgan Chase branding, and may primarily target users in Argentina.
PromptSpy targets Android devices to deploy a virtual network computing (VNC) module that captures lock screen data, gathers device information, takes screenshots, records activity, and blocks uninstallation. The malware establishes persistence by using on-device Google Gemini to interpret on-screen elements and generate dynamic instructions for gestures that keep the app in the recent apps list, preventing it from being easily swiped away or killed. The generative AI component is limited in scope but increases adaptability across device layouts and OS versions, expanding the pool of potential victims. Distribution clues indicate financial motivation, abuse of Morgan Chase branding, and a likely focus on Argentina, with limited wider telemetry.
Read at ComputerWeekly.com