PromptSpy Android malware abuses Google Gemini to analyze screens, automate persistence, block removal, and enable VNC-based remote device control.
Category: cybercrime/malcode
Hackers target Microsoft Entra accounts in device code vishing attacks
Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device Authorization flow and compromise Microsoft Entra accounts.
Unlike previous attacks that utilized malicious OAuth applications to compromise accounts, these campaigns instead leverage legitimate Microsoft OAuth client IDs and the device authorization flow to trick victims into authenticating.
This provides attackers with valid authentication tokens that can be used to access the victim’s account without relying on regular phishing sites that steal passwords or intercept multi-factor authentication codes.
PromptSpy is the first known Android malware to use generative AI at runtime
Researchers have discovered the first known Android malware to use generative AI in its execution flow, using Google’s Gemini model to adapt its persistence across different devices.
In a report today, ESET researcher Lukas Stefanko explains how a new Android malware family named “PromptSpy” is abusing the Google Gemini AI model to help it achieve persistence on infected devices.
“In February 2026, we uncovered two versions of a previously unknown Android malware family,” explains ESET.
Police arrests 651 suspects in African cybercrime crackdown
African law enforcement agencies arrested 651 suspects and recovered over $4.3 million in a joint operation targeting investment fraud, mobile money scams, and fake loan applications.
As INTERPOL revealed on Wednesday, Operation Red Card 2.0 identified 1,247 victims between December 8 and January 30 while targeting cybercrime operations linked to over $45 million in financial losses.
Authorities across 16 countries also seized 2,341 devices and took down 1,442 malicious websites, domains, and servers during this joint action coordinated by the African Joint Operation against Cybercrime (AFJOC).
Why Cybersecurity Strategies and Frameworks Must Be Recalibrated in the Age of AI and Quantum Threats
#cybersecurity #ai #quantum
Artificial intelligence and quantum computing are no longer hypothetical; they are actively altering cybersecurity, extending attack surfaces, escalating dangers, and eroding existing defenses. We are in a new ear of emerging technologies that are directly impacting cybersecurity requirements.
As a seasoned observer and participant in the cybersecurity domain—through my work, teaching, and contributions to Homeland Security Today, my book “Inside Cyber: How AI, 5G, IoT, and Quantum Computing Will Transform Privacy and Our Security”, — I have consistently underscored that technological advancement is outpacing our institutions, policies, and workforce preparedness.
Current frameworks, intended for a pre-digital convergence era, are increasingly unsuitable. In order to deal with these dual-use technologies that act as force multipliers for both defenders and enemies, we must immediately adjust our strategy as time is of the essence.
