The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

PromptSpy Android Malware Uses Generative AI

Mar 2, 2026 12:48:41 PM / by The Hivemind posted in Threat Bulletin, Android Malware, accessibility service abuse, PromptSpy, VNC malware, persistence technique, Argentina targeting, Gemini abuse, generative AI

Verticals Targeted: Financial
Regions Targeted: Argentina
Related Families: VNCSpy

Executive Summary

PromptSpy is the first documented Android malware family to integrate generative AI, specifically Google's Gemini, into its execution flow for dynamic, context-aware persistence. It functions primarily as a remote access trojan with a built-in VNC module, and it demonstrates how large language models can make mobile threats more adaptable, particularly by keeping UI manipulation working across device variations.
