惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

SecWiki News
SecWiki News
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
V
Visual Studio Blog
博客园 - 叶小钗
S
SegmentFault 最新的问题
IT之家
IT之家
大猫的无限游戏
大猫的无限游戏
博客园_首页
Apple Machine Learning Research
Apple Machine Learning Research
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
月光博客
月光博客
酷 壳 – CoolShell
酷 壳 – CoolShell
腾讯CDC
D
Darknet – Hacking Tools, Hacker News & Cyber Security
V
V2EX
阮一峰的网络日志
阮一峰的网络日志
L
Lohrmann on Cybersecurity
量子位
C
Cyber Attacks, Cyber Crime and Cyber Security
T
Tor Project blog
J
Java Code Geeks
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
博客园 - 三生石上(FineUI控件)
Attack and Defense Labs
Attack and Defense Labs
AI
AI
The Cloudflare Blog
T
Tailwind CSS Blog
S
Schneier on Security
爱范儿
爱范儿
PCI Perspectives
PCI Perspectives
Stack Overflow Blog
Stack Overflow Blog
S
Secure Thoughts
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
T
The Exploit Database - CXSecurity.com
博客园 - 【当耐特】
V2EX - 技术
V2EX - 技术
S
Securelist
P
Proofpoint News Feed
T
Threat Research - Cisco Blogs
Help Net Security
Help Net Security
C
Cisco Blogs
N
News and Events Feed by Topic
人人都是产品经理
人人都是产品经理
B
Blog RSS Feed
K
Kaspersky official blog
T
The Blog of Author Tim Ferriss
G
Google Developers Blog
S
Security Affairs
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Simon Willison's Weblog
Simon Willison's Weblog

www.infosecurity-magazine.com

Just Three Ransomware Gangs Accounted for 40% of Attacks Last Month Google Chrome Rolls Out Protection Against Infostealers Targeting Session Cookies STX RAT Targets Finance Sector With Advanced Stealth Tactics Bitcoin Depot Reports $3.6m Crypto Theft After System Breach Atomic Stealer MacOS ClickFix Attack Bypasses Apple Security Warnings Middle East Hack-for-Hire Operation Traced to South Asian Cyber Espionage Group Governance Gaps Emerge as AI Agents Drive 76% Increase in NHIs Google Warns of New Threat Group Targeting BPOs and Helpdesks Google API Keys Quietly Gain Access to Gemini on Android Devices Critical Vulnerability in Ninja Forms Exposes WordPress Sites Anthropic Launches Project Glasswing to Use AI to Find and Fix Critical Software Vulnerabilities US Thwarts DNS Hijacking Network Controlled by Russian APT28 Hackers Claude Discovers Apache ActiveMQ Bug Hidden for 13 Years Iran‑Backed Threat Actors Hit US CNI Providers via Internet‑Facing OT Assets Russian APT28 Hackers Hijack Routers to Steal Credentials, UK Security Agency Warns GPU Rowhammer Attack Enables Privilege Escalation and Full System Compromise GrafanaGhost Exploit Bypasses AI Guardrails for Silent Data Exfiltration Over $17bn Lost to Cyber Fraud in the Last Year, Warns FBI Storm-1175 Exploits Flaws in High-Velocity Medusa Attacks Fortinet Releases Emergency Patch After FortiClient EMS Bug Is Exploited New Phishing Platform Used in Credential Theft Campaigns Against C-Suite Execs New 'Storm' Infostealer Remotely Decrypts Stolen Credentials NCSC Issues Security Alert Over Hackers Targeting WhatsApp and Signal Accounts Apple Expands iOS 18 Security Updates Amid DarkSword Threat Researchers Observe Sub-One-Hour Ransomware Attacks GitHub Used as Covert Channel in Multi-Stage Malware Campaign Most CNI Firms Face Up to £5m in Downtime from OT Attacks Google Introduces Android Dev Verification Amid Openness Debate New Venom Stealer MaaS Platform Automates Continuous Data Theft Chinese Hackers Target European Governments in Espionage Campaigns Eight in 10 UK Manufacturers Hit by Cyber Incident in a Year Hackers Hijack Axios npm Package to Spread RATs Maryland Man Charged Over $53m Uranium Finance Crypto Hack Phantom Project Bundles Infostealer, Crypter and RAT For Sale ChatGPT Security Issue Enabled Data Theft via Single Prompt TeamPCP Explores Ways to Exploit Stolen Supply Chain Secrets Employee Data Breaches Surge to Seven-Year High NCSC Urges Immediate Patching of F5 BIG-IP Bug Cybercriminals Exploit Tax Season With New Phishing Tactics Lloyds IT Glitch Exposed Data of Nearly 500,000 Banking Customers DeepLoad Malware Combines ClickFix With AI-Generated Code to Avoid Detection Critical Citrix NetScaler Vulnerability Exploited in the Wild ICO Fines UK Nuisance Call Scammers £100,000 European Commission Confirms Cloud Data Breach New Wave of AiTM Phishing Targets TikTok for Business TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack Quantum Computing Threat to Encryption Is Closer Than Expected, Warns Google UK Cracks Down on Chinese Crypto Marketplace for Funding Southeast Asia Scam Hubs Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code Attackers Rapidly Weaponize Critical Oracle WebLogic RCE, Honeypot Study Finds EtherRAT Techniques Bypass Security Via Ethereum Smart Contracts AI Becomes the Top Cybersecurity Priority for Defenders as Criminals Exploit It, PwC Warns OpenAI Expands Bug Bounty to Cover AI Abuse and 'Safety' Concerns Iran-Linked Pay2Key Ransomware Group Re-Emerges Invoice Fraud Costs UK Construction Sector Millions, NCA Warns Cloud Phones Linked to Rising Financial Fraud Threat Hackers Exploit Compromised Enterprise Identities at Industrial Scale, Warns SentinelOne US: FCC Bans Foreign-Made Routers Over National Security Concerns TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise Experts Sound Alarm Over “Prompt Poaching” Browser Extensions Operation Henhouse Nets Over 500 Arrests in UK Fraud Crackdown RSA Conference: UK NCSC Head Urges Industry to Develop Vibe Coding Safeguards Silver Fox Cyber Campaigns Show Shift Toward Dual Espionage Citrix Urges Immediate Patching for Critical NetScaler Vulnerabilities New Npm 'Ghost Campaign' Uses Fake Install Logs to Hide Malware Former Ukrainian Foreign Minister Dmytro Kuleba to Address the New Cyber Frontline at Infosecurity Europe Enterprise Cybersecurity Software Fails 20% of the Time, Warns Absolute Security Russian Initial Access Broker Handed 81-Month Sentence Handala Group Tied to Iranian Hack‑and‑Leak Operations, FBI Reveals Most Cybersecurity Staff Don’t Know How Fast They Could Stop a Cyber-Attack on AI Systems Tycoon2FA Phishing Service Resumes Activity Post-Takedown High-Tech Sector Overtakes Finance as Top Target for Cyber-Attacks, Mandiant Reports Trivy Supply Chain Attack Expands With New Compromised Docker Images CISA Orders US Government to Patch Maximum Severity Cisco Flaw Operation Alice Takes Down 370,000+ Dark Web Sites Hackers Exploit Critical Langflow Bug in Just 20 Hours NCA Boss Warns That Teens Are Being “Radicalized” Into Cybercrime Online Ransomware Affiliate Exposes Details of 'The Gentlemen' Operation Financial Brands Targeted in Global Mobile Banking Malware Surge FCA Updates Cyber Incident and Third-Party Reporting Rules AWS Warns Hackers Have Abused Cisco Firewall Zero-Day Since January UK: Regulation Drives Cyber Spending for Critical Infrastructure Orgs New Ubuntu Flaw Enables Local Attackers to Gain Root Access Crypto Scam "ShieldGuard" Dismantled After Malware Discovery AI-Enabled Adversaries Compress Time-to-Exploit Following Vulnerability Disclosure Vidar Stealer 2.0 Exploits GitHub, Reddit to Deliver Malware via Fake Game Cheats AI Issues Will Drive Half of Incident Response Efforts by 2028, Says Gartner Android OS-Level Attack Bypasses Mobile Payment Security 'CursorJack’ Attack Path Exposes Code Execution Risk in AI Development Environment Surge in Nation State Attacks on UK Firms Amid Cyber Warfare Fears Aeternum Botnet Shifts Command Control to Polygon Blockchain Leading Semiconductor Supplier Advantest Hit by Ransomware Attack Remcos RAT Expands Real-Time Surveillance Capabilities SMEs Wrong to Assume They Won’t Be Hit by Cyber-Attacks, NCSC Boss Warns Google Warns of In the Wild Exploit as It Patches New Chrome Zero Day Phorpiex Phishing Delivers Low-Noise Global Group Ransomware BridgePay Confirms Ransomware Attack, No Card Data Compromised New Hacking Campaign Exploits Microsoft Windows WinRAR Vulnerability Labyrinth Chollima Evolves into Three North Korean Hacking Groups Google Disrupts Extensive Residential Proxy Networks
Android Malware Hijacks Google Gemini to Stay Hidden
2026-02-20 · via www.infosecurity-magazine.com

ESET researchers have identified an Android malware implant that uses generative AI (GenAI) for persistence purposes.

This malicious implant is an advanced version of VNCSpy, a piece of malware that appeared on VirusTotal in January 2026 and was represented by three samples uploaded from Hong Kong.

VCNSpy is an Android malware implant that deploys a virtual network computing (VNC) module on the victim's device, allowing attackers to see the screen and perform actions remotely.

VNC modules are components of screen-sharing technology that enables remote control of another computer using the remote frame buffer (RFB) protocol.

In February, ESET researchers identified four new malware samples uploaded to VirusTotal from Argentina. Their analysis revealed multistage malware based on VNCSpy but with a malicious payload that leverages Google’s Gemini to analyze the targeted device’s screen and provide the operator with step-by-step instructions on how to ensure the malicious app remains pinned in the recent apps list, thus preventing it from being easily swiped away or killed by the system.

The researchers have named the malware implant PromptSpy.

Based on the presence of Simplified Chinese elements in the code, ESET assessed “with medium confidence” that PromptSpy was developed in a Chinese‑speaking environment.

While the security firm noted it hasn’t yet seen any samples of PromptSpy in its telemetry, the existence of a possible distribution domain could suggest the malware has been deployed in the wild.

Malicious App Impersonating JPMorgan Argentina

The four PromptSpy dropper samples were distributed through the website mgardownload[.]com, which was already offline during ESET’s analysis.

After installing and launching PromptSpy dropper, it opened a webpage hosted on m‑mgarg[.]com.

“Although this domain was also offline, Google’s cached version revealed that it likely impersonated a Chase Bank (legally, JPMorgan Chase Bank N.A.),” wrote the ESET researchers in a report published on February 19.

Additionally, the malicious Android app distributing PromptSpy is called ‘MorganArg,’ which suggests it purports to be ‘Morgan Argentina.’ The app’s icon is inspired by Chase bank.

The malicious app is linked to a spoofed Spanish website, with an “Iniciar session” (Login) button, indicating that the page was probably intended to mimic a bank website.

The MorganArg app is a trojan that functions as a companion application developed by the same threat actor behind VNCSpy and PromptSpy.

In the background, the trojan contacts its server to request a configuration file, which includes a link to download another Android package kit (APK) – the file format for Android applications – presented to the victim, in Spanish, as an update.

Malware’s initial screen that requests to install PromptSpy payload. Source: ESET
Malware’s initial screen that requests to install PromptSpy payload. Source: ESET

The configuration server was no longer accessible during ESET’s analysis, so the exact download URL remains unknown.

“However, given that it uses the same unique bank spoofing website, the same app name, icon, and, most importantly, is signed by the same unique developer certificate as the PromptSpy dropper, we strongly suspect this app may serve as the initial stage designed to lead victims toward installing PromptSpy.

Both VNCSpy and PromptSpy include a VNC component, giving their operators full remote access to compromised devices once victims enable Accessibility Services.

This allows the malware operators to see everything happening on the device and to perform taps, swipes, gestures and text input as though they were physically holding the phone.

Gemini AI Helps Maintaining Persistence

PromptSpy also integrates an AI‑assisted user interface (UI) manipulation feature, helping it maintain persistence by keeping the malicious app pinned in the recent apps list

“We believe this functionality is used before the VNC session is established, so that the user or system will not kill the PromptSpy activity from the list of recent apps,” the ESET researchers wrote.

The researchers explained that Android malware usually depends on hardcoded screen features such as taps, coordinates, or UI selectors and that these methods are dependent on UI changes across devices, OS versions or manufacturer skins.

PromptSpy’s Gemini-powered feature aims to achieve persistence by staying embedded in the list of recent apps by executing the “lock app in recent apps” gesture, which varies between devices and manufacturers. This makes it difficult to automate with fixed scripts traditionally used by Android malware.

Once installed and launched, PromptSpy requests ‘Accessibility Service’ permissions, giving the malware the ability to read on‑screen content and perform automated clicks.

Then, while showing a simple loading-style decoy screen in the foreground. The malware begins communicating with Gemini AI to obtain instructions needed to lock its process in the ‘Recent Apps’ list.

Not locked (left) and locked (right) MorganArg app in the list of recent apps, with the padlock icon representing the lock. Source: ESET
Not locked (left) and locked (right) MorganArg app in the list of recent apps, with the padlock icon representing the lock. Source: ESET

When the user sees the ‘Loading, please wait’ activity, PromptSpy uses Accessibility Services to open the ‘Recent Apps’ screen and collect detailed UI information: visible text, content descriptions, class names, package names and screen bounds.

It serializes this dynamic UI snapshot as XML and includes it in its prompt to Gemini. Gemini then returns step-by-step tap instructions on how to achieve the ‘app lock’ gesture.

This process forms a continuous loop:

  1. PromptSpy sends updated UI context to Gemini
  2. Gemini replies with new actions
  3. PromptSpy executes them and returns the resulting screen state

The loop continues until Gemini confirms that the app is successfully locked in recent apps.

All actions suggested by Gemini (taps, swipes, navigation) are executed through ‘Accessibility Services,’ allowing the malware to interact with the device without user input.

The malware communicates with its hardcoded command‑and‑control (C2) server at 54.67.2[.]84 using the VNC protocol. The messages are AES-encrypted using a hardcoded key.

Through this communication channel, the malware can:

  • Receive a Gemini API key
  • Upload the list of installed apps
  • Intercept the lockscreen PIN or password
  • Capture the pattern unlock screen as a recording video
  • Report whether the screen is on or off
  • Report the current foreground app
  • Record the screen and user gestures for apps specified by the server
  • Take screenshots on demand

PromptSpy blocks uninstallation by overlaying invisible elements on the screen, meaning the only way for a victim to remove it is to reboot the device into ‘Safe Mode,’ where third‑party apps are disabled and can be uninstalled normally.

“PromptSpy shows that Android malware is beginning to evolve in a sinister way. By relying on generative AI to interpret on‑screen elements and decide how to interact with them, the malware can adapt to virtually any device, screen size, or UI layout it encounters,” the ESET researchers concluded.