Malware Uses Gemini To Control Android Devices

Security researchers at ESET report a new Android malware called PromptSpy that embeds Google’s Gemini chatbot to generate real-time, contextual instructions to control infected devices. The strain abuses Android accessibility APIs, captures screen data, and provides VNC-style remote control while communicating with encrypted command-and-control. The AI-driven approach enables adaptive persistence across UI variations, complicating detection and remediation for defenders.