Overview
- Security teams detail how PromptSpy sends UI-XML from the device to Gemini, which returns step-by-step actions that keep the malicious app running across varied Android interfaces.
- One observed task instructs the malware to lock itself in the recent-apps view so closing all apps will not terminate it, enabling reliable persistence before further activity begins.
- The payload masquerades as a JPMorgan-style app called MorganArg and is distributed through manipulated websites that prompt users to sideload an APK instead of installing from official app stores.
- With accessibility and broad permissions granted, attackers can monitor screens in real time, read messages, initiate transfers, capture passwords, and deploy invisible overlays that block uninstall attempts.
- Researchers report no confirmed real-world infections to date, note artifacts suggesting a Chinese-language development environment, and recommend Play Protect, system updates, and caution with accessibility permissions.
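A triage check a defender can run against the combination the lure relies on (a sideloaded, non-system app holding accessibility access). This is an added example, not code from the original report; it assumes the usual text formats of `adb shell settings get secure enabled_accessibility_services`, `pm list packages -i` and `pm list packages -s`, and all sample output below is constructed with placeholder package names.

```python
import re

# Constructed sample of `adb shell settings get secure enabled_accessibility_services`
# (colon-separated "package/service" entries). "com.placeholder.sideloaded" is a placeholder.
ENABLED_A11Y = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.placeholder.sideloaded/.OverlayService"
)

# Constructed sample of `adb shell pm list packages -i` (installer package per app).
PM_LIST_I = """package:com.google.android.marvin.talkback  installer=null
package:com.placeholder.sideloaded  installer=null
package:com.example.bank  installer=com.android.vending"""

# Constructed sample of `adb shell pm list packages -s` (system/preinstalled apps).
PM_LIST_S = "package:com.google.android.marvin.talkback"

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; extend with vetted OEM stores


def parse_enabled_services(setting: str) -> set[str]:
    """Package names that currently hold an enabled accessibility service."""
    return {e.split("/", 1)[0] for e in setting.split(":") if e.strip()}


def parse_installers(pm_output: str) -> dict[str, str]:
    """Map package -> installer from `pm list packages -i` lines."""
    return dict(re.findall(r"package:(\S+)\s+installer=(\S+)", pm_output))


def parse_system_packages(pm_output: str) -> set[str]:
    """Preinstalled packages also report installer=null, so they are excluded explicitly."""
    return set(re.findall(r"package:(\S+)", pm_output))


def flag_sideloaded_a11y(setting: str, pm_i: str, pm_s: str) -> list[tuple[str, str]]:
    """Return (package, installer) for accessibility holders that are neither system
    apps nor installed from a trusted store, i.e. sideloaded third-party apps."""
    a11y = parse_enabled_services(setting)
    installers = parse_installers(pm_i)
    system = parse_system_packages(pm_s)
    return sorted(
        (pkg, installers.get(pkg, "unknown"))
        for pkg in a11y
        if pkg not in system and installers.get(pkg) not in TRUSTED_INSTALLERS
    )


if __name__ == "__main__":
    for pkg, src in flag_sideloaded_a11y(ENABLED_A11Y, PM_LIST_I, PM_LIST_S):
        print(f"REVIEW: {pkg} holds accessibility access, installer={src}")
```

A hit is a review item, not a verdict: legitimate apps from third-party stores will also appear, so extend TRUSTED_INSTALLERS to match the device fleet's policy.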