February 23, 2026
Researchers say they’ve identified a new strain of Android malware that uses Google’s own Gemini AI model during execution. Google says the risk to users appears limited, stating that no apps containing the malware have been found on Google Play and that built-in protections are already blocking known variants.
“Based on our current detection, no apps containing this malware are found on Google Play,” a Google spokesperson told Android Authority, adding that Android users are automatically protected by Google Play Protect, which can warn or block malicious apps even when they come from outside the Play Store.
The malware, dubbed PromptSpy by security firm ESET, represents a notable shift in how malicious software can operate. Instead of relying entirely on hardcoded instructions, the spyware reportedly queries Gemini in real time, feeding the model information about what appears on a device’s screen and asking for guidance on next steps. That approach could allow the malware to adapt to different Android devices and interfaces, making it more flexible than traditional threats built around fixed scripts.
ESET described PromptSpy as the first known Android malware family to directly integrate generative AI into its execution workflow. While the AI component currently plays a limited role, researchers say the technique demonstrates how attackers could use publicly available AI tools to make malware more adaptive and harder to detect.
Beyond its AI-assisted behaviour, PromptSpy functions primarily as spyware. The malware includes a remote access module and can collect data such as installed apps and lockscreen credentials if granted sufficient permissions. It also reportedly tries to resist removal by interfering with efforts to disable it.
So far, ESET has not observed widespread distribution in real-world telemetry, leaving uncertainty over whether the threat is active in the wild or closer to a proof-of-concept. However, researchers noted that samples were distributed via a dedicated domain and disguised as a legitimate banking app.
Google’s response indicates that existing Android safeguards are already mitigating the threat. Play Protect, which runs by default on devices with Google Play Services, scans apps and flags suspicious behaviour even when software is installed outside the official store.
Still, the discovery underscores a broader shift in cybersecurity. Future attacks may increasingly blend AI systems with traditional malware tactics, creating a new layer of complexity for defenders.
