Mobile Malware
March 11, 20261 min read137
PromptSpy: Android Malware Uses Gemini AI for Persistence and Data Capture
PromptSpy uses Google's Gemini chatbot to interpret the system interface, maintain persistence on the device and capture sensitive data. Primarily affecting users in Argentina.
By Titan Layer Editorial Team
Published on March 11, 2026
Source: —
Researchers discovered PromptSpy, an innovative Android malware that uses Google's Gemini AI model for an unprecedented capability: understanding and interacting with the infected device's graphical interface to ensure persistence and collect data more effectively.
The malware takes periodic screenshots, sends them to the Gemini API, and uses responses to "understand" what's on screen — even as the interface changes with updates. This allows identifying open banking apps, reading 2FA notifications, and detecting removal attempts.
Primarily distributed through fake APKs in Argentina. Protect yourself by only installing apps from the official Play Store and regularly reviewing accessibility permissions.
Article information
Editorial author:Titan Layer Editorial Team
Original source:—
Original publisher:—
Original author:—
Original publication date:—
Reference link:—
Titan Layer publication date:March 11, 2026
Content type:Curated summary and editorial analysis
#android#malware#gemini#ia#promptspy#argentina
Share this article
Related Articles
Critical Vulnerabilities
Critical Flaw in Funnel Builder Under Active Exploitation
Titan Layer
5/17/2026
Critical Vulnerabilities
Checkmarx Jenkins Package Compromised with Infostealer
Titan Layer
5/12/2026
Cyber Crime
Fake OpenAI Repository on Hugging Face Distributes Infostealer Malware
Titan Layer
5/9/2026