There has been a steady integration of artificial intelligence into everyday digital services that has primarily been portrayed as a story of productivity and convenience. However, the same systems that were originally designed to assist users in interpreting complex tasks are now beginning to appear in much less benign circumstances.
According to security researchers, a new Android malware strain appears to be woven directly into Google’s Gemini AI chatbot, which seems to have a generative AI component.
One of the most noteworthy aspects of this discovery is that it marks an unusual development in the evolution of mobile threat evolution, as a tool that was intended to assist users with problems has been repurposed to initiate malicious software through the user interface of a victim’s device.
In real time, the malware analyzes on-screen activity and generates contextual instructions based on it, demonstrating that modern AI systems can serve as tactical enablers in cyber intrusions. As a result of the adaptive nature of malicious applications, traditional automated scripts rarely achieve such levels of adaptability.
It has been concluded from further technical analysis that the malware, known as PromptSpy by ESET, combines a variety of established surveillance and control mechanisms with an innovative layer of artificial intelligence-assisted persistence.
When the program is installed on an affected device, a built-in virtual network computing module allows operators to view and control the compromised device remotely.
While abusing Android’s accessibility framework, this application obstructs users from attempting to remove the application, effectively interfering with user actions intended to terminate or uninstall it.
Additionally, malicious code can harvest lock-screen information, collect detailed device identifiers, take screenshots, and record extended screen activity as video while maintaining encrypted communications with its command-and-control system.
According to investigators, the campaign is primarily motivated by financial interests and has targeted heavily on Argentinian users so far, although linguistic artifacts within the code base indicate that the development most likely took place in a Chinese-speaking environment. However, PromptSpy is characterized by its unique implementation of Gemini as an operational aid that makes it uniquely unique.
A dynamic interpretation of the device interface is utilized by the malware, instead of relying on rigid automation scripts that simulate taps at predetermined coordinates, an approach that frequently fails across different versions or interface layouts of Android smartphones. It transmits a textual prompt along with an XML representation of the current screen layout to Gemini, thereby providing a structured map of the visible buttons, text labels, and interface elements to Gemini.
Once the chatbot has returned structured JSON instructions which indicate where interaction should take place, PromptSpy executes those instructions and repeats the process until the malicious application has successfully been anchored in the recent-apps list. This reduces the likelihood that the pr
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: