ESET researchers have discovered PromptSpy, the first known Android malware to abuse generative AI in its execution flow. This malware uses Google's Gemini AI to analyze screen content and provide instructions for UI manipulation, allowing it to adapt to various devices and layouts. PromptSpy's main purpose is to deploy a VNC module for remote access to the victim's device. It also abuses the Accessibility Service to block uninstallation, captures lockscreen data, and records video. The campaign appears to target users in Argentina and was likely developed in a Chinese-speaking environment. PromptSpy demonstrates how incorporating AI tools can make malware more dynamic and capable of real-time decision-making, potentially expanding the pool of potential victims.