It’s been a worrying week on the Android malware front. On Tuesday, we learned of tablets shipping with hidden malware already embedded in their firmware. Now, researchers say they’ve spotted something arguably more futuristic: Android malware that uses Google’s own Gemini AI model during execution.
According to a report highlighted by BleepingComputer, ESET researchers have uncovered a new Android malware family dubbed PromptSpy. Unlike traditional malware that relies entirely on hardcoded instructions, this strain queries Google’s Gemini generative AI model at runtime to help it carry out part of its behavior. In this case, the malware sends Gemini information about what’s currently visible on the infected device’s screen and asks for guidance on what to do next. That allows it to adapt to differences between Android devices and interfaces, rather than relying on a rigid script that might only work on certain models.
