ESET researchers in February 2026 discovered PromptSpy, the first known Android malware family to weaponize Google's Gemini generative AI model as part of its active execution flow. The campaign follows ESET's August 2025 disclosure of PromptLock, the first AI-powered ransomware, and demonstrates attackers leveraging LLMs for runtime decision-making. Security teams must update mobile telemetry, detection rules, and threat-hunting to address adaptive, model-driven behaviors.
Key Points
- Uses Gemini for runtime decisions, making PromptSpy the first Android malware to integrate generative AI
- Elevates threat sophistication by enabling dynamic decision-making and adaptive behaviors during active execution
- Challenges mobile security defenses; practitioners must update detection, telemetry, and adversarial-model monitoring
Scoring Rationale
High-impact, first-of-its-kind malware using Gemini; credible ESET disclosure increases trust, but limited technical detail constrains assessment.