PromptSpy is de eerste Android-malware die gebruikmaakt van generatieve AI, zoals Google's Gemini, om onopgemerkt te blijven en op afstand bestuurd te worden.

Welke risico's brengt PromptSpy met zich mee voor bedrijven?

PromptSpy kan leiden tot hacking, datalekken, privacyschendingen en misbruik van AI-platformen, wat de digitale veiligheid van een bedrijf in gevaar brengt.

Hoe kunnen bedrijven zich beschermen tegen AI-gestuurde malware?

Bedrijven kunnen zich beschermen door een strikt mobiel beleid te voeren, AI expliciet op te nemen in hun securitybeleid en gerichte bewustmakingssessies te organiseren.

Waarom is AI-veiligheid belangrijk voor kmo's?

AI-veiligheid is cruciaal voor kmo's omdat medewerkers smartphones gebruiken, apps installeren en AI-diensten in hun werk integreren, waardoor ze kwetsbaar zijn voor aanvallen.

Wat zijn de voordelen van een veilige AI-aanpak voor een bedrijf?

Een veilige AI-aanpak stelt bedrijven in staat om de voordelen van AI te benutten zonder de controle te verliezen, waardoor ze ethisch, veilig en duurzaam kunnen ondernemen.

Go back

AI-Driven Android Malware: What PromptSpy Can Teach Your Business About Digital Resilience

Introduction

For the first time, Android malware has been discovered that actively uses a generative AI model to stay under the radar: PromptSpy. This malicious app abuses Google's Gemini AI to maintain itself and be controlled remotely. It may sound like something out of a movie, but it has a very concrete impact on the daily reality of SMEs: smartphones, apps, the cloud, and AI tools all interconnected.

In this article, we'll take a detailed look at what's happening, why this is a logical next step in cybercrime, and what it means for your business. No panic attacks, just clear insights and practical steps to help you use AI safely and wisely.

What exactly is going on

Researchers have uncovered an Android malware campaign dubbed PromptSpy. The malware is distributed via a seemingly legitimate Android app. Once installed, the attacker gains remote access to the device and accesses sensitive information.

What makes PromptSpy special is that it uses Google's Gemini AI platform. The malware sends instructions and context to Gemini, and in return, it receives customized, "smart" responses. Think dynamic text, behavior that adapts to the situation, and better ways to evade traditional security tools. The AI isn't used to build the attack itself, but to make it smarter, more flexible, and more persistent.

According to the researchers, it is mainly about:

Persistence: Keeping the malware process alive and restarting it.
Remote access: control the device remotely.
Hide: Adjusting one's own behavior to avoid detection.

PromptSpy is therefore a concrete example of how generative AI is being used by cybercriminals.

Impact on people and society

The most important shift is that AI is now truly becoming an infrastructure layer. Just as the internet and cloud are ubiquitous, AI will increasingly be under the hood of apps, services, and even attacks. For people, organizations, and society, this means:

Faster and smarter attacks: Phishing messages, text messages, and notifications become even more credible. The classic "poorly written email" warning sign disappears.
More pressure on digital literacy: Employees must not only learn to work with AI tools, but also understand the risks of apps, devices and data linked to AI.
New dependencies: When malware uses AI services, new attack chains emerge. Clouds, app stores, and AI platforms all become part of the security narrative.

The positive thing is that the same AI technology is also being deployed on the defense side: better detection, faster analysis, and automated response. The key question, then, isn't "AI yes or no?" but "How do we organize AI so that it makes humans stronger than the attacker?"“

Ethical and sustainable considerations

PromptSpy addresses a number of important themes that your company cannot ignore when using AI in processes and products.

Ethics & Abuse: AI platforms built for good applications can be exploited in malware. This underscores the responsibility of AI providers and organizations integrating AI: consider potential abuse situations in advance and mitigate abuse where possible (e.g., through access control, monitoring, and abuse detection).
Transparency: End users often don't know which AI services an app uses. More transparency about which models and data are used helps build trust and identify abuse more quickly.
Safety by design: AI solutions must not only be "functionally sound" but also take security, logging, and access control into account as standard. Otherwise, AI becomes an additional attack vector.
Energy & environment: Every AI call to the cloud consumes computing power and therefore energy. Misuse of AI—as in PromptSpy—means wasted resources and increased environmental impact. Sustainable digitalization also means preventing the waste of computing power on harmful activities.
Fairness & bias: While this may seem less central to malware, it plays a broader role: when AI is used to manipulate people (e.g., through personalized phishing), existing vulnerabilities and inequalities can be exacerbated. A fair, human-centric AI strategy explicitly addresses this.

Safety and risk dimension

From a security perspective, PromptSpy shows which risks SMEs should consider:

Hacking & remote access: An infected Android device in your organization could be a gateway to corporate accounts, email, cloud storage, or internal tools.
Data leaks: Think of customer data, internal documents, photos, chat history – all things that can be leaked via a device with malware.
Privacy: Employees often use the same device for both work and personal use. Malware can confuse both spheres and expose both personal and business information.
Abuse of AI platforms: When malware attacks AI services, these platforms also face reputational risks. For companies integrating AI, it's crucial to prevent abuse from their own products.

A solution-oriented approach means assuming that these kinds of threats will persist and structuring your organization to limit their impact. This isn't just achieved through tools, but also through policies, processes, and training.

What does this mean for your business?

For Flemish and European SMEs, the lesson from PromptSpy is clear: AI security isn't just a concern for big tech companies or governments. As soon as your employees use smartphones, install apps, or use AI services in their work, it affects you too.

Some concrete consequences:

BYOD and mobile workplace: If employees use their own Android devices for work (Bring Your Own Device), you immediately create a risk zone. Without clear agreements and minimal security, a single infected device can cause problems.
AI in your applications: If you build your own apps or services that integrate AI (or external APIs like Gemini), security by design should be a core part of your development process. This includes not only functional testing, but also threat modeling, logical access rights, and misuse detection.
Suppliers and partners: Even if you buy AI instead of building it yourself, responsibility remains. Ask questions: which models are used, what about logging, security, and data minimization? A chain is only as strong as its weakest link.

The challenge is not to be fearful, but also not to be naive. Consider AI safety as part of high-quality business practices: just as you would organize your accounting, workplace safety, and GDPR.

3 concrete recommendations for SMEs

1. Create a simple but strict mobile policy
Determine which devices have access to corporate apps and data. Maintain minimum security requirements (PIN/biometrics, up-to-date OS, no uncontrolled app stores) and define what is and isn't permitted on BYOD devices.
2. Explicitly include AI in your security policy
Describe which AI tools may be used, what data may be shared with them, and how you will handle AI integrations in your own software. Include IT, management, and legal/compliance officials in this exercise.
3. Invest in targeted awareness raising
Organize short, practical sessions for employees on phishing, malicious apps, and the impact of AI in attacks. Instead of lengthy theoretical training sessions, provide relatable examples and clear do's and don'ts for daily practice.

Finally

PromptSpy demonstrates that AI is not only a powerful ally but also a new tool for cybercriminals. Ultimately, the core remains the same: technology should work for people, not against them. With a thoughtful, human-centric, and secure approach, SMEs can fully leverage AI without losing control.

At Canyon Clan, we help companies build and embed AI and software solutions with an eye for ethics, safety, and sustainability. Want to protect your AI strategy, mobile workplace, or digital processes against these kinds of risks without falling into hype or panic? Feel free to contact us for a practical exploration of what's best for your organization.

Who's watching? What your company can learn from AI oversight at intelligence agencies

Read the article

AI-Driven Android Malware: What PromptSpy Can Teach Your Business About Digital Resilience

Introduction

What exactly is going on

Impact on people and society

Ethical and sustainable considerations

Safety and risk dimension

What does this mean for your business?

3 concrete recommendations for SMEs

Finally

Related articles

NIS2: What does this mean for your company?

What a UN panel on AI means for your business

AI and inappropriate images: what your company needs to do now

AI is cheap. AI projects are not

Who's watching? What your company can learn from AI oversight at intelligence agencies