
Android Malware Uses Google's Gemini Model

By LDS Team

Relevance Score: 8.1

ESET researchers in February 2026 discovered PromptSpy, the first known Android malware family to weaponize Google's Gemini generative AI model as part of its active execution flow. The campaign follows ESET's August 2025 disclosure of PromptLock, the first AI-powered ransomware, and demonstrates attackers leveraging LLMs for runtime decision-making. Security teams must update mobile telemetry, detection rules, and threat-hunting to address adaptive, model-driven behaviors.

Key Points

  • Uses Gemini for runtime decisions, making PromptSpy the first Android malware to integrate generative AI
  • Elevates threat sophistication by enabling dynamic decision-making and adaptive behaviors during active execution
  • Challenges mobile security defenses; practitioners must update detection, telemetry, and adversarial-model monitoring

Scoring Rationale

High-impact, first-of-its-kind malware using Gemini; credible ESET disclosure increases trust, but limited technical detail constrains assessment.
