Attention Android users: The first malware program using generative artificial intelligence to hide on your phone has been discovered.
A few weeks ago, the results for the world's best-selling and fastest-growing mobile phone brands for 2025 were published. The data revealed that Apple continues to dominate the global market, a reality that aligns with the increasing trend among users towards purchasing advanced phones. However, this trend is not reflected equally in all regions.
A list of the best-selling mobile phones in Latin America for 2025 was recently published, and the results were surprising. Unlike in the United States or Europe, no iPhones appeared in the Latin American rankings, and no high-end Android phones were mentioned.
Pay close attention to this new development if you use an Android phone. ESET researchers have sounded the alarm after discovering PromptSpy malware, the first mobile malware to use generative artificial intelligence to operate and hide within your device.
Not only does it steal your photos, but this software is also capable of connecting in real time to Google's Gemini model to learn exactly how your phone works and to ensure that you cannot remove it.
The danger of PromptSpy lies in the fact that, instead of relying on fixed, pre-programmed instructions, it uses artificial intelligence to improvise. For example, each phone manufacturer has a different method for preventing an app from closing when memory is cleared. Instead of carrying thousands of lines of code for each brand, the malware sends a screenshot of your phone to Gemini and asks it how to block you on that particular device.
Unbeknownst to Google, its AI system is aiding malware by analyzing the buttons, coordinates, and text on your screen and issuing instructions. The virus then performs its task, sending the results back to the AI system to confirm its success. If it is successfully installed on your phone, it remains there permanently.
Once this malware infiltrates your system by gaining access privileges, hackers gain complete control over your screen. They can see what you're looking at in real time, record videos of you drawing your unlock pattern, steal your PIN, and even take screenshots of your banking apps.
Even worse, if you try to uninstall or revoke the suspicious application's permissions, PromptSpy activates a defensive mechanism: it places invisible, transparent rectangles directly above the "Uninstall" or "Stop" buttons. When you think you're clicking to delete the virus, you're actually pressing a fake button that prevents the process.
Therefore, the usual methods won't work to get rid of it. ESET experts explain that the only way to remove it is to restart your phone in Safe Mode. This disables all third-party applications, preventing the malware from using its tricks, and ultimately allows you to permanently delete it.
Worse still, this trend has already begun: Google experts have discovered viruses that carry the fingerprint of artificial intelligence within them.
