How does the PromptSpy malware use Google's Gemini chatbot?

PromptSpy leverages Gemini's AI to analyze the device's current screen, providing instructions to keep the malicious app pinned in the recent apps list, thus ensuring its persistence.

How can victims remove the PromptSpy malware from their Android device?

Removing PromptSpy is difficult as it blocks uninstall functions; victims typically must reboot their device into Safe Mode to uninstall the malware.

Home / Technology / AI Malware Uses Gemini Chatbot for Stealth

AI Malware Uses Gemini Chatbot for Stealth

Q: Which region is primarily targeted by the PromptSpy malware?

The PromptSpy malware appears to be specifically targeting users in Argentina.

19 Feb

•

Summary

New Android malware 'PromptSpy' leverages Gemini AI for persistence.
The malware targets users in Argentina, possibly developed in China.
It uses Gemini to analyze screens and prevent app removal.

AI Malware Uses Gemini Chatbot for Stealth

Security researchers have identified an unprecedented Android malware, named PromptSpy, that weaponizes Google's Gemini chatbot. This malware's primary function is to ensure its own persistence on an infected device by abusing Gemini's API. Researchers noted that the malware appears to be specifically targeting users in Argentina, with preliminary analysis suggesting its code may have been developed in China.

PromptSpy uses Gemini to interpret the user interface of an Android device. This allows the malware to analyze the current screen and receive instructions on how to keep the malicious application pinned in the recent apps list. By preventing the app from being easily terminated, PromptSpy enhances its stealth capabilities and survival rate.