Mobile Malware
March 11, 20261 min read137
PromptSpy: Android Malware Uses Gemini AI for Persistence and Data Capture
PromptSpy uses Google's Gemini chatbot to interpret the system interface, maintain persistence on the device and capture sensitive data. Primarily affecting users in Argentina.
By Titan Layer Editorial Team
Published on March 11, 2026
Source: —
Researchers discovered PromptSpy, an innovative Android malware that uses Google's Gemini AI model for an unprecedented capability: understanding and interacting with the infected device's graphical interface to ensure persistence and collect data more effectively.
The malware takes periodic screenshots, sends them to the Gemini API, and uses responses to "understand" what's on screen — even as the interface changes with updates. This allows identifying open banking apps, reading 2FA notifications, and detecting removal attempts.
Primarily distributed through fake APKs in Argentina. Protect yourself by only installing apps from the official Play Store and regularly reviewing accessibility permissions.
Article information
Editorial author:Titan Layer Editorial Team
Original source:—
Original publisher:—
Original author:—
Original publication date:—
Reference link:—
Titan Layer publication date:March 11, 2026
Content type:Curated summary and editorial analysis
#android#malware#gemini#ia#promptspy#argentina
Share this article
Related Articles
Cyber Crime
Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge
Titan Layer
2d ago
Cyber Crime
Deep#Door Backdoor: A Sophisticated Threat for Espionage and Disruption
Titan Layer
3d ago
Artificial Intelligence
Increase in AI Prompt Injection Attacks: Google Analysis
Titan Layer
6d ago