ESET researchers discovered PromptSpy, the first known Android malware to integrate generative AI directly into its execution flow, marking a new evolution in mobile threats that leverage artificial intelligence for context-aware user interface manipulation.

The malware prompts Google's Gemini to analyze current screen layouts and provide step-by-step instructions for keeping itself locked in Android's recent apps list, preventing users from easily closing or killing the malicious process.

PromptSpy represents the first deployment of generative AI for UI automation in malicious applications. The discovery follows ESET's August 2025 identification of PromptLock, the first known AI-powered...