Android Malware Uses Google's Gemini Model

ESET researchers in February 2026 discovered PromptSpy, the first known Android malware family to weaponize Google's Gemini generative AI model as part of its active execution flow. The campaign follows ESET's August 2025 disclosure of PromptLock, the first AI-powered ransomware, and demonstrates attackers leveraging LLMs for runtime decision-making. Security teams must update mobile telemetry, detection rules, and threat-hunting to address adaptive, model-driven behaviors.