PROMPTSPY
An Android backdoor, first identified by ESET in February 2026 and confirmed by GTIG in May 2026, that uses the Google Gemini API for autonomous device navigation, biometric capture, and on-device UI automation.
Last refreshed: 20 May 2026 · Appears in 1 active topic
PROMPTSPY uses Gemini to navigate any Android app autonomously; does that break biometric authentication?
Timeline for PROMPTSPY
Deployed against targets using Google Gemini API for autonomous device navigation, biometric capture, and UI automation
Cybersecurity: Threats and Defences: GTIG names the first LLM-written working zero-dayWhat is PROMPTSPY Android malware?
How does PROMPTSPY use Google Gemini to hack phones?
Can PROMPTSPY steal biometric data from Android phones?
Background
PROMPTSPY is an Android backdoor first surfaced by ESET in February 2026 and confirmed by Google's Threat Intelligence Group in May 2026 to use the Google Gemini API for autonomous device navigation, biometric capture, and on-device user-interface automation. The confirmation elevated PROMPTSPY from a suspected AI-assisted threat to the first publicly named state-attributed Android backdoor with a confirmed LLM-driven command tier. GTIG's May 2026 report identifies it in the context of AI-augmented threat actors alongside PRC-nexus and Russia-nexus clusters.
PROMPTSPY's use of Gemini for UI automation distinguishes it from conventional Android backdoors that require hardcoded command sequences or human operator control. The Gemini API layer allows the backdoor to navigate arbitrary app interfaces, fill forms, extract visible credentials, and capture biometric prompts without requiring the malware author to reverse-engineer each target application's UI. This makes the implant resilient to UI changes in the target application that would break conventional command-and-control scripts.
Biometric capture capability places PROMPTSPY in a sensitive category: if the backdoor observes or captures biometric authentication prompts (fingerprint, face recognition), it potentially undermines authentication factors previously considered phishing-resistant. For Mobile Device Management practitioners, the implication is that LLM-driven UI automation removes the protection previously offered by complex or novel application interfaces.