PromptSpy ushers in the era of Android threats using GenAI
ID: 6c84448d-4d57-50b4-9d51-46acd149f210
STIX ID: report--6c84448d-4d57-50b4-9d51-46acd149f210
Feed Name: WeLiveSecurity (ESET Research)
ESET researchers uncovered PromptSpy, an Android malware family that uses Google Gemini generative AI to interpret on-screen UI XML and produce step-by-step interaction instructions for maintaining persistence (locking itself in Recent Apps). Its primary malicious payload deploys a VNC module for remote control, screen recording, and credential capture. The report includes sample hashes, distribution domains (targeting Argentina), IoCs, and mapped MITRE ATT&CK techniques, though ESET notes limited telemetry and the possibility that the artifacts are proofs of concept.
