This event is archived. Final snapshot from when the story concluded. View on Dashboard
Events / PromptSpy Android Malware Uses...
Tech malware discovery

PromptSpy Android Malware Uses Google Gemini AI

Analysis based on 11 articles · First reported Feb 19, 2026 · Last updated Feb 21, 2026

Sentiment
-60
Attention
4
Articles
11
Market Impact
Direct
Live prominence charts, article sentiment distribution, and event development timeline available on the NewsDesk Dashboard
Market Impact

The discovery of PromptSpy, an AI-powered Android malware, signals a new era of sophisticated cyber threats, potentially increasing cybersecurity spending across industries. While ESET's discovery is positive for cybersecurity firms, the misuse of Google===Google Gemini AI could negatively impact Google's reputation and the perceived security of Google===Android (operating system) devices.

Cybersecurity Financial services Technology
Event Summary

Security researchers at ESET have uncovered PromptSpy, a new Android malware operation that leverages Google===Google Gemini AI to maintain persistence on infected devices. Discovered in February 2026, PromptSpy adapts to various Google===Android (operating system) versions and device layouts, making it difficult to remove. The malware primarily targets users in Argentina through phishing websites impersonating banks like JPMorgan Chase===Chase Bank. PromptSpy uses Google===Google Gemini to analyze screen layouts and provide step-by-step instructions, ensuring the malicious app remains pinned in the Recent Apps list. It includes a VNC module for remote control, abuses Google===Android (operating system) Accessibility Services, records lockscreen data, and captures video. The malware is distributed via a dropper through dedicated phishing websites, not Google Play, and is believed to originate from a Chinese-speaking environment. Google===Google Play Services can block known variants, but PromptSpy represents a significant evolution in AI-assisted mobile threats.

Key Actions
95 Google===Google Gemini misused by malware to provide step-by-step instructions
90 ESET discovered and reported on new Android malware
Entities Involved
subs
Google===Google Gemini
Google===Google Gemini AI is being misused by the PromptSpy malware to maintain persistence on infected Android devices. This demonstrates a negative use case for Google===Google Gemini's capabilities, potentially raising concerns about the ethical implications and security vulnerabilities of AI technologies.
Importance 90 Sentiment -20
priv
ESET
ESET security researchers discovered and reported on the PromptSpy malware, highlighting their expertise in cybersecurity and contributing to the understanding of new AI-powered threats. This discovery enhances ESET's reputation as a leading cybersecurity firm.
Importance 80 Sentiment 20
subs
Google===Android (operating system)
The PromptSpy malware specifically targets Google===Android (operating system) devices, exploiting its Accessibility Services and adapting to various OS versions and layouts. This event highlights a significant security vulnerability within the Google===Android (operating system) ecosystem, potentially impacting user trust and device security.
Importance 70 Sentiment -30
cnt
Argentina
PromptSpy primarily targets users in Argentina through phishing websites impersonating local banks. This indicates a specific regional focus for the malware campaign, potentially leading to financial losses and security risks for Argentine citizens.
Importance 50 Sentiment -10
subs
Google===Google Play Services
Google===Google Play Services is mentioned as a security solution that can block known variants of PromptSpy. This reinforces Google===Google Play Services's role in protecting Google===Android (operating system) users from malware, although new variants may still pose a threat.
Importance 40 Sentiment 10
subs
JPMorgan Chase===Chase Bank
Phishing websites impersonating JPMorgan Chase===Chase Bank are used to distribute the PromptSpy malware. This fraudulent use of JPMorgan Chase===Chase Bank's branding could damage its reputation and lead to customer distrust, even though JPMorgan Chase===Chase Bank is not directly involved in the malware's creation or distribution.
Importance 20 Sentiment -5
Relationships
ESET related Google===Google Gemini
ESET related Google===Android (operating system)
Google===Google Gemini related Google===Android (operating system)
NEWSDESK
Track this event live

Set up alerts, explore entity relationships, search across thousands of events, and build custom intelligence feeds.

Open Dashboard

About NewsDesk

NewsDesk is a news intelligence platform that converts raw news articles into structured data. It tracks events, entities, and the relationships between them, with sentiment and attention metrics derived from thousands of articles. Pages on this site are daily static snapshots from the platform's live database. For real-time tracking, search, and alerts, the full dashboard is at app.newsdesk.dev.