New Android malware uses Google Gemini to outsmart security
A new Android malware called PromptSpy has just been discovered, and it's making headlines for being the first to use Google Gemini's AI to sneak around security.
Detected in February 2026, PromptSpy uses Gemini to make its persistence techniques more adaptable, enabling it to adjust to many devices, layouts, and OS versions.
PromptSpy gets your accessibility permissions, then goes to town
PromptSpy tricks you into granting Accessibility permissions, then quietly sends information about your screen layout to Gemini AI.
The AI figures out how to tap and swipe through your phone like a real person—repeating this until it gets what it wants.
It can take screenshots, videos, and even block you from exiting
This malware lets hackers watch and control your screen in real time. It can block you from deleting it, grab lockscreen info, list your apps, take screenshots or videos, and collect device details.
So far, samples have been distributed via specific domains, and a cached spoofed site in Spanish appears to target Argentina.
How to remove PromptSpy if it gets onto your phone
If PromptSpy gets onto your phone, reboot into Safe Mode, which stops third-party apps from running, so you can uninstall it.
Google Play Protect already blocks known versions by default.
If you suspect an infection, follow removal steps such as rebooting into Safe Mode and uninstalling the app.
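Because PromptSpy depends on an enabled Accessibility service, one way to check a phone is to list the user-installed apps that currently hold one. The script below is an added example, not part of the original article or any vendor tool; the package names and sample data are constructed, and the live check assumes adb with USB debugging enabled (run with USE_DEVICE=1).

```shell
#!/bin/sh
# Added example: list user-installed apps with an enabled Accessibility service.
# On a real device the two inputs come from:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -3

# Constructed sample data (not taken from any real device or malware sample).
SAMPLE_SERVICES='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.updater/.core.AssistService'
SAMPLE_THIRD_PARTY='package:com.example.updater
package:com.example.notes'

# third_party_a11y SERVICES THIRD_PARTY_LIST
# SERVICES is the colon-separated "package/class" list from the settings key.
# THIRD_PARTY_LIST is the "package:<name>" output of "pm list packages -3".
# Prints every enabled service whose package is user-installed.
third_party_a11y() {
    services=$1
    third_party=$2
    # An empty value or the literal "null" means no service is enabled.
    case $services in ''|null) return 0 ;; esac
    printf '%s\n' "$services" | tr ':' '\n' | while IFS= read -r component; do
        [ -n "$component" ] || continue
        pkg=${component%%/*}          # keep the package part before the slash
        # Exact, fixed-string match so "com.a" never matches "com.a.b".
        if printf '%s\n' "$third_party" | grep -Fxq "package:$pkg"; then
            printf '%s\n' "$component"
        fi
    done
}

if [ "${USE_DEVICE:-0}" = 1 ]; then
    # Strip carriage returns that some adb versions append to each line.
    svc=$(adb shell settings get secure enabled_accessibility_services | tr -d '\r')
    pkgs=$(adb shell pm list packages -3 | tr -d '\r')
    third_party_a11y "$svc" "$pkgs"
else
    third_party_a11y "$SAMPLE_SERVICES" "$SAMPLE_THIRD_PARTY"
fi
```

Any entry you do not recognise is a candidate for the Safe Mode uninstall described above.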