#BREAKING #ESETresearch has discovered the first known Android malware to use generative AI in its execution flow; we have named it #PromptSpy. The malware abuses Google’s #Gemini to achieve persistence on the compromised device. https://www.welivesecurity.com/en/eset-research/promptspy-ushers-in-era-android-threats-using-genai/
Gemini is used to analyze the current screen and provide PromptSpy with step-by-step instructions to ensure that the malicious app remains pinned in the recent apps list, preventing it from being easily swiped away or killed by the system.
Since Android malware often relies on hardcoded UI navigation, employing generative AI enables the threat actors to adapt to more or less any device, layout, or OS version, which can greatly increase the number of potential victims.
PromptSpy abuses Accessibility Services to deploy a #VNC module on victim devices, so attackers can see the screen and perform actions remotely, as well as block the victim from manually uninstalling the malicious app (which uses invisible overlays, here marked in red).
The analyzed samples are available on VirusTotal and seem to be used in a real campaign targeting users in 🇦🇷, though we can’t rule out them being a part of a proof-of-concept. At the same time, the analyzed malware samples point toward PromptSpy being developed in a Chinese-speaking environment.
IoCs available in our GitHub repo: https://github.com/eset/malware-ioc

A single point of failure triggered the Amazon outage affecting millions
A DNS manager in a single region of Amazon's sprawling network touched off a 16-hour debacle.
https://arstechnica.com/gadgets/2025/10/a-single-point-of-failure-triggered-the-amazon-outage-affecting-millions/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

Google and Check Point nuke massive YouTube malware network https://www.theregister.com/2025/10/23/youtube_ghost_network_malware/

Armed police swarm student after AI mistakes bag of Doritos for a weapon - Dexerto https://www.dexerto.com/entertainment/armed-police-swarm-student-after-ai-mistakes-bag-of-doritos-for-a-weapon-3273512/

#Microsoft revokes 200+ certificates abused by #Vanilla #Tempest in fake Teams campaign
https://securityaffairs.com/183532/cyber-crime/microsoft-revokes-200-certificates-abused-by-vanilla-tempest-in-fake-teams-campaign.html
#securityaffairs #hacking

IPFire now supports Two-Factor Authentication for OpenVPN - Learn more on our blog https://blog.ipfire.org/post/openvpn-otp-2fa #openvpn #2fa #otp #ipfire #security

Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices https://thehackernews.com/2025/10/researchers-uncover-watchguard-vpn-bug.html