Android Malware Hijacks Google Gemini to Stay Hidden
ATT&CK techniques detected
T1204.002 Malicious File
77%
“additionally, the malicious android app distributing promptspy is called ‘morganarg,’ which suggests it purports to be ‘morgan argentina.’ the app’s icon is inspired by chase bank. the malicious app is linked to a spoofed spanish website, with an “iniciar session” (login…”
T1204.002 Malicious File
56%
“it from being easily swiped away or killed by the system. the researchers have named the malware implant promptspy. based on the presence of simplified chinese elements in the code, eset assessed “with medium confidence” that promptspy was developed in a chinese‑speaking envi…”
T1219 Remote Access Tools
44%
“android malware hijacks google gemini to stay hidden eset researchers have identified an android malware implant that uses generative ai (genai) for persistence purposes. this malicious implant is an advanced version of vncspy, a piece of malware that appeared on virustotal in …”
Summary
A new Android malware implant using Google Gemini to perform persistence tasks was discovered on VirusTotal and analyzed by ESET.