{"id":215329,"date":"2026-02-19T11:43:00","date_gmt":"2026-02-19T16:43:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/19\/eset-research-discovers-promptspy-the-first-android-threat\/"},"modified":"2026-02-19T11:55:08","modified_gmt":"2026-02-19T16:55:08","slug":"eset-research-discovers-promptspy-the-first-android-threat","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/19\/eset-research-discovers-promptspy-the-first-android-threat\/","title":{"rendered":"ESET Research discovers PromptSpy, the first Android threat"},"content":{"rendered":"<p><a href=\"https:\/\/www.globenewswire.com\/news-release\/2026\/02\/19\/3241357\/0\/en\/ESET-Research-discovers-PromptSpy-the-first-Android-threat-to-use-generative-AI.html\">ESET Research discovers PromptSpy, the first Android threat<\/a><\/p>\n<p><a href=\"https:\/\/www.globenewswire.com\/news-release\/2026\/02\/19\/3241357\/0\/en\/ESET-Research-discovers-PromptSpy-the-first-Android-threat-to-use-generative-AI.html\">https:\/\/www.globenewswire.com\/news-release\/2026\/02\/19\/3241357\/0\/en\/ESET-Research-discovers-PromptSpy-the-first-Android-threat-to-use-generative-AI.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-19 11:43:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.globenewswire.com\">www.globenewswire.com<\/a><\/p>\n<ul type=\"disc\">\n<li style=\"text-align:justify;\">PromptSpy is the first known Android malware to use generative AI in its execution flow.<\/li>\n<li style=\"text-align:justify;\">Google&#8217;s Gemini is used to interpret on-screen elements on the compromised device and provide PromptSpy with dynamic instructions on how to execute a specific gesture to remain in the recent app list.<\/li>\n<li style=\"text-align:justify;\">The main (non GenAI-assisted) purpose of PromptSpy is to deploy a Virtual Network Computing (VNC) module on the victim&#8217;s device, allowing attackers to see the screen and perform actions remotely.<\/li>\n<li style=\"text-align:justify;\">PromptSpy can capture lockscreen data, block uninstallation, gather device info, take screenshots, record screen activity as video, and more.<\/li>\n<\/ul>\n<p align=\"justify\">BRATISLAVA, Slovakia and KO\u0160ICE, Slovakia, Feb.  19, 2026  (GLOBE NEWSWIRE) &#8212; ESET researchers have discovered PromptSpy, the first known Android malware to abuse generative AI in its execution flow to achieve persistence. It is the first time generative AI has been deployed in this manner. Because the attackers rely on prompting an AI model (specifically, Google\u2019s Gemini) to guide malicious UI manipulation, ESET has named this family PromptSpy. The malware can capture lockscreen data, block uninstallation attempts, gather device info, take screenshots, record screen activity as video, and more. This is the second AI-powered malware that ESET Research has discovered, following PromptLock in August 2025, the first known case of AI-driven ransomware.<\/p>\n<p align=\"justify\">Based on language localization clues and the distribution vectors observed during analysis, this campaign appears to be financially motivated and seems to primarily target users in Argentina. However, PromptSpy has not been observed in ESET telemetry yet, possibly making it a proof of concept.<\/p>\n<p align=\"justify\">While generative AI is deployed only in a relatively minor part of PromptSpy&#8217;s code \u2014 the one responsible for achieving persistence \u2014 it still has a significant impact on the malware&#8217;s adaptability. Specifically, Gemini is used to provide PromptSpy with step-by-step instructions on how to make the&#8230;<\/p>\n<p><a href=\"https:\/\/www.globenewswire.com\/news-release\/2026\/02\/19\/3241357\/0\/en\/ESET-Research-discovers-PromptSpy-the-first-Android-threat-to-use-generative-AI.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>ESET Research discovers PromptSpy, the first Android threat https:\/\/www.globenewswire.com\/news-release\/2026\/02\/19\/3241357\/0\/en\/ESET-Research-discovers-PromptSpy-the-first-Android-threat-to-use-generative-AI.html Publish Date: 2026-02-19 11:43:00 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":215330,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/ml.globenewswire.com\/Resource\/Download\/d6434bd9-71ad-46f5-b1c8-81bd2b967640","fifu_image_alt":"","footnotes":""},"categories":[46],"tags":[70,32],"class_list":["post-215329","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-android","tag-google","tag-malware"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215329"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=215329"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215329\/revisions"}],"predecessor-version":[{"id":215331,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215329\/revisions\/215331"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/215330"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=215329"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=215329"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=215329"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}