Android users risk persistent compromise from PromptSpy Android malware, which integrates Google’s Gemini AI to dynamically secure its foothold across diverse devices. Disguised as MorganArg banking app from a Chase impersonator site, it deploys VNC for surveillance despite no detected infections. This innovation elevates threats to confidentiality and control in mobile environments.
Evolution from VNCSpy to PromptSpy Android Malware
ESET researcher Lukas Stefanko identified PromptSpy Android malware evolving from VNCSpy variants, with initial samples surfacing January 13, 2026, from Hong Kong. By February 10, advanced iterations incorporating Gemini appeared from Argentina. Distributed via mgardownload.com mimicking JPMorgan Chase, the payload targets banking credentials through phishing.
Simplified Chinese code and handlers suggest a Chinese-speaking development origin. No Google Play presence exists, and ESET collaborated with Google via App Defense Alliance for Play Protect coverage. Deployment infrastructure implies intent for broader rollout.
Gemini AI for UI Automation
Traditional malware falters on varying screens, but PromptSpy Android malware feeds live UI XML detailing elements, text, bounds to Gemini alongside prompts. The AI responds with JSON tap/swipe coordinates, iteratively until the malicious app locks in recent tasks with a padlock, defying swipes or kills.
This loop ensures cross-device compatibility, from manufacturers to OS versions, vastly expanding attack surface. Static prompts limit flexibility but enable robust persistence without hardcoded fixes.
VNC Remote Access and Surveillance
Post-persistence, PromptSpy Android malware activates encrypted VNC to hardcoded C&C servers, providing screenshots, app lists, screen recordings, foreground monitoring, and PIN/pattern capture via video. Accessibility grants overlay interceptions on uninstall/stop buttons, thwarting removal sans Safe Mode.
Operators command full interaction, compromising device integrity comprehensively. Anti-removal renders standard uninstalls ineffective, prolonging availability to attackers.
Indicators and Mitigation Paths
The following table summarizes key SHA-1 hashes for PromptSpy Android malware samples.
| SHA-1 | Filename | Detection | Description |
|---|---|---|---|
| 6BBC9AB132BA066F63676E05DA13D108598BC29B | net.ustexas.myavlive.apk | Android/Spy.VNCSpy.A | Android VNCSpy malware |
| 375D7423E63C8F5F2CC814E8CFE697BA25168AFA | nlll4.un7o6.q38l5.apk | Android/Spy.VNCSpy.A | Android VNCSpy malware |
| 3978AC5CD14E357320E127D6C87F10CB70A1DCC2 | ppyzz.dpk0p.ln441.apk | Android/Spy.VNCSpy.A | Android VNCSpy malware |
| E60D12017D2DA579DF87368F5596A0244621AE86 | mgappc-1.apk | Android/Spy.PromptSpy.A | Android PromptSpy dropper |
| 9B1723284E311794987997CB7E8814EB6014713F | mgappm-1.apk | Android/Spy.PromptSpy.A | Android PromptSpy dropper |
| 076801BD9C6EB78FC0331A4C7A22C73199CC3824 | mgappn-0.apk | Android/Spy.PromptSpy.A | Android PromptSpy dropper |
| 8364730E9BB2CF3A4B016DE1B34F38341C0EE2FA | mgappn-1.apk | Android/Spy.PromptSpy.A | Android PromptSpy dropper |
| F8F4C5BC498BCCE907DC975DD88BE8D594629909 | app-release.apk | Android/Spy.PromptSpy.A | Android PromptSpy payload |
| C14E9B062ED28115EDE096788F62B47A6ED841AC | mgapp.apk | Android/Phishing.Agent.M | Android phishing malware |
This table covers primary hashes, detections, and roles from ESET analysis.
Additional IOCs include C&C 54.67.2.84 and phishing domains m-mgarg.com, mgardownload.com.
AI-enhanced malware like PromptSpy Android malware builds on prior PromptLock ransomware innovations. Safe Mode reboot followed by app deletion via Settings remains the definitive removal path.
PromptSpy Android malware marks a paradigm shift, harnessing Gemini for resilient execution that transcends hardware variances, ensuring persistent surveillance and control. Confidentiality of credentials and activities erodes under VNC, while availability persists via locked states and interceptions. Google protections mitigate known variants, underscoring collaborative defenses against AI-augmented threats.
No Comment! Be the first one.