Overview
- PromptSpy sends an XML snapshot of the current screen to Google’s Gemini and executes the model’s JSON tap and swipe instructions via Accessibility Services to keep the malicious app pinned in Recent Apps.
- The malware’s main objective is remote takeover through a built‑in VNC module that can view and control the screen, capture lockscreen credentials, record activity, and take screenshots.
- Samples first appeared on VirusTotal as VNCSpy uploads from Hong Kong in January, with more advanced PromptSpy variants submitted from Argentina in February and distribution sites now offline.
- ESET assesses financial motivation with targeting focused on Argentina, notes JPMorgan‑branded lures via a ‘MorganArg’ app, and finds code artifacts suggesting development in a Chinese‑speaking environment.
- The threat was never on Google Play; known versions are blocked by Play Protect, and infected users must uninstall the app from Android Safe Mode. Communications use AES‑encrypted VNC to a hard‑coded C2 at 54.67.2[.]84.