The security firm ESET has identified PromptSpy, a piece of malicious code for Android that sets a precedent. It is the first virus that uses the API of the Google Gemini artificial intelligence chatbot to operate on compromised devices. The main target of this campaign appears to be Argentina, and the code analysis suggests that its developers could be in China.
Infection and Persistence Mechanism Using AI
PromptSpy is distributed as a fake Telegram application. Once installed, it requests accessibility permissions. Its key function is to silently open the web browser, connect to the public web interface of Google Gemini, and use predefined prompts to generate responses. These responses, which are instructions in Python code, are then executed on the device through an embedded interpreter, allowing the malware to steal data and maintain control without needing to update its own code.
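A defender-side check for the behaviour described above, written as an added example (it is not code from ESET or from the original article): it lists third-party apps that hold an enabled accessibility service but were not installed by a trusted store. It assumes the fake app was sideloaded, that the two inputs come from the `adb` commands named in the comments, and that only Google Play counts as trusted; every package name and both sample outputs are constructed.

```python
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted

# Constructed output of: adb shell settings get secure enabled_accessibility_services
SAMPLE_A11Y = (
    "com.example.screenreader/.ReaderService:"
    "com.example.passwords/.AutofillA11yService:"
    "com.example.fake_messenger/com.example.fake_messenger.CoreService"
)
# Constructed output of: adb shell pm list packages -i -3   (third-party apps only)
SAMPLE_PACKAGES = """\
package:com.example.passwords  installer=com.android.vending
package:com.example.fake_messenger  installer=null
package:com.example.notes  installer=null
"""

def parse_accessibility(raw):
    """Return {package: [service class, ...]} from the colon-separated setting."""
    services = {}
    raw = raw.strip()
    if not raw or raw == "null":  # the setting prints "null" when nothing is enabled
        return services
    for component in raw.split(":"):
        package, _, cls = component.strip().partition("/")
        if package:
            services.setdefault(package, []).append(cls)
    return services

def parse_installers(raw):
    """Return {package: installer or None} from 'pm list packages -i' lines."""
    installers = {}
    for line in raw.splitlines():
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        if not fields:
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field[len("installer="):]
        installers[fields[0]] = installer
    return installers

def suspicious_accessibility_apps(a11y_raw, packages_raw, trusted=TRUSTED_INSTALLERS):
    """Third-party packages with an enabled accessibility service and an untrusted installer."""
    installers = parse_installers(packages_raw)
    flagged = []
    for package, classes in parse_accessibility(a11y_raw).items():
        # Packages missing from the -3 listing are preinstalled and skipped here.
        if package in installers and installers[package] not in trusted:
            flagged.append((package, installers[package], classes))
    return sorted(flagged)
```

A flagged package is a lead to review, not a verdict: legitimate sideloaded accessibility tools will appear in the same list.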
When Your AI Assistant Works for the Enemy
The situation has its comic side: now your smartphone can be hacked by instructions coming directly from Google's chatbot. It's as if the malware had decided to outsource its most technical work. Instead of carrying all the malicious code itself, it prefers to ask Gemini to write it on demand. A clear case of automation reaching the dark side too, where even viruses want to be more efficient and ask for help to do their dirty work.