MoineauWorld.com – Where Cooking Meets Tech & Everything Between

Tag: LLMs

Android Spyware Learns to Outsmart Removal | Analysis by Brian Moineau

Posted on by Brian Moineau

Android malware just learned to ask for directions — from Gemini

A new strain of Android spyware called PromptSpy has put a chill in the security world by doing something we’ve only warned about in hypotheticals: it queries a large language model at runtime to decide what to do next. Instead of relying solely on brittle, hardcoded scripts that break across phone models and launchers, PromptSpy asks Google’s Gemini to interpret what’s on the screen and return step-by-step gestures to keep itself running and hard to remove.

It sounds like sci‑fi. It’s real. And even if this particular sample looks like a limited proof of concept, the implications are worth taking seriously.

Why this matters

  • PromptSpy is the first reported Android malware to integrate generative AI into its execution flow. That means an attacker can outsource part of the “how” to a model that understands language and UI descriptions, rather than trying to write brittle device‑specific navigation code. (globenewswire.com)
  • The malware uses Gemini to analyze an XML “dump” of the screen (UI element labels, class names, coordinates) and asks the model how to perform gestures (taps, swipes, long presses) to, for example, pin the malicious app in the Recent Apps list so it can’t be easily swiped away. That persistence trick — paired with accessibility abuse and a VNC module — turns a compromised phone into a remotely controllable device. (globenewswire.com)
  • This isn’t yet a massive outbreak. ESET’s initial research and telemetry don’t show widespread infections; distribution appears to be via a malicious domain and sideloaded APKs (not Google Play). Still, the technique expands the attacker toolbox. (globenewswire.com)

The anatomy of PromptSpy (plain English)

  • The app arrives outside the Play Store (phishing / fake bank site distribution).
  • It requests Accessibility permissions — that’s the red flag to watch for. With those permissions it can read UI elements and simulate touches.
  • PromptSpy captures an XML snapshot of what’s on screen and sends that, with a natural-language prompt, to Gemini.
  • Gemini returns structured instructions (JSON) with coordinates and gesture types.
  • The malware repeats the loop until Gemini confirms the desired state (e.g., the app is locked in the Recent Apps view).
  • Meanwhile it can deploy a built-in VNC server to let operators observe and control the device, capture screenshots and video, and block uninstallation via invisible overlays. (globenewswire.com)

What the vendors are saying

  • ESET, which discovered PromptSpy, named and analyzed the family and warned about the adaptability that generative AI brings to UI-driven malware. They emphasized that the Gemini component was used for a narrow but strategic purpose — persistence — and that the model and prompts were hard-coded into the sample. (globenewswire.com)
  • Google has noted that devices with Google Play Protect enabled are protected from known PromptSpy variants, and that the malware has not been observed in the Play Store. Google and other platforms are already using AI in defensive workflows, and Play Protect flagged the known samples. That said, the prescriptive takeaway from Google and researchers is: don’t sideload unknown apps and be suspicious of Accessibility requests. (helentech.jp)
  • Security teams have previously shown LLMs can be “prompted” into unsafe actions (so‑called prompt‑exploitation), and other threat research has already demonstrated experiments where malware queries LLMs for obfuscation or evasion tactics. PromptSpy is the first high‑profile example of a mobile threat using a model to make runtime UI decisions. (cloud.google.com)

Practical advice for users and admins

  • Treat Accessibility permission requests as extremely sensitive. Only grant them to well-known, trusted apps that explicitly need them (e.g., assistive tools you intentionally installed). PromptSpy relies on Accessibility abuse to operate. (globenewswire.com)
  • Keep Play Protect enabled and your device updated. Google says Play Protect detects known PromptSpy variants and the sample was not found in Google Play — meaning the main exposure vector is sideloading. (helentech.jp)
  • Don’t install APKs from untrusted websites. Even a convincing “bank app” landing page can be a trap.
  • If you suspect infection: reboot to Safe Mode (which disables third‑party apps) and uninstall the suspicious app from Settings → Apps. If removal is blocked, Safe Mode should allow you to remove it. (globenewswire.com)
  • Enterprises should monitor for unusual Accessibility API usage and VNC‑like activity, and enforce app installation policies that block sideloading where possible.

Bigger picture: a step change in attacker workflows

PromptSpy is not a finished army of super‑malware; it’s an inflection point. A few things to keep in mind:

  • Outsourcing UI logic to an LLM lowers the development cost and time for attackers who want their malware to work across many devices and OEM interfaces. That expands the potential victim pool without requiring extensive per‑device engineering. (globenewswire.com)
  • Right now the model and prompts were embedded in the sample, not letting the attacker dynamically reprogram behavior on the fly. But as attackers iterate, we can expect more dynamic patterns: just‑in‑time code snippets, adaptive obfuscation, or model‑assisted social engineering. (globenewswire.com)
  • Defenders are also using AI. Google and other vendors are integrating generative models into detection and app review. That creates an arms race where models will be used on both sides — but history shows defensive systems must evolve faster than attackers to keep users safe. (tech.yahoo.com)

My take

PromptSpy should be a wake‑up call, not a panic button. The malware demonstrates a plausible and worrying technique — using an LLM to adapt UI interactions in the wild — but it also highlights where traditional defenses still work: cautious app sourcing, permission hygiene, Play Protect and safe removal procedures. The bigger risk is what comes next, not this single sample: models make it easier to automate tasks that were once fiddly and fragile. Expect attackers to test and reuse these ideas, and expect defenders to double down on detecting model‑assisted behavior.

Security in an era of ubiquitous generative AI is going to be a cat‑and‑mouse game where the mice learned to read maps. Keep your guard up.

Readable summary

  • PromptSpy is the first widely reported Android malware to query a generative model (Gemini) at runtime to adapt UI actions for persistence. (globenewswire.com)
  • It relies on Accessibility abuse, has a VNC component, and was distributed outside the Play Store. Play Protect reportedly detects known variants. (globenewswire.com)
  • Protect yourself by avoiding sideloads, rejecting suspicious Accessibility requests, keeping Play Protect and updates enabled, and using Safe Mode removal if needed. (globenewswire.com)

Sources



Related update: We recently published an article that expands on this topic: read the latest post.

Related update: We recently published an article that expands on this topic: read the latest post.

Meta AI Shakeup Risks Mass Exodus | Analysis by Brian Moineau

Posted on by Brian Moineau

A crisis of culture at Meta? Yann LeCun’s blunt warning about the company’s new AI boss

Meta just got slapped with a brutally candid diagnosis from one of AI’s most respected figures. Yann LeCun — often called a “godfather of deep learning” — left the company after more than a decade and, in a recent interview, described Meta’s new AI leadership as “young” and “inexperienced,” and warned that the company is already bleeding talent and will lose more. That’s not an idle jab; it’s a red flag about research culture, trust, and how big tech manages risky bets in the AI arms race. (archive.vn)

Why this matters right now

  • Meta is pouring huge sums into building advanced AI and is reorganizing its research and product teams aggressively. That includes big hires and investments — notably a multi-billion-dollar deal tied to Scale AI and the hiring of Alexandr Wang to lead a superintelligence-focused unit. (cnbc.com)
  • LeCun’s critique touches three volatile issues for any AI leader: technical strategy (LLMs versus “world models”), credibility (benchmarks and product claims), and people management (researchers’ autonomy and retention). When any two of those wobble, the third can quickly follow. (archive.vn)

Here are the essentials you need to know.

Quick read: the core claims

  • LeCun says Alexandr Wang, who joined from Scale AI after Meta’s large investment there, is “young” and “inexperienced” in how research teams operate — and that matters for running a research-first organization. (archive.ph)
  • He admits Meta’s Llama 4 release involved fudged or selectively presented benchmark results, which eroded Mark Zuckerberg’s confidence in the team and sparked a reorganization. (archive.vn)
  • LeCun warns the fallout has already driven many people out and predicts many more will leave, a claim that signals potential long-term damage to Meta’s ability to compete on talent and innovation. (archive.vn)

The backstory you should understand

  • In 2024–2025 Meta moved from internal FAIR-led research to an aggressive, top-down “superintelligence” buildout — hiring LLM and product leaders, dangling massive sign-on packages, and buying a stake in Scale AI to accelerate data and tooling. That shift prioritized speed and scale, sometimes at the expense of slower, curiosity-driven research. (cnbc.com)
  • Llama 4 (released April 2025) was supposed to be a showcase. Instead, problems with benchmark presentation and performance led to internal embarrassment and a shake-up of trust at the top. LeCun says that sequence is what allowed external hires to outrank and oversee long-time researchers. (archive.vn)

What’s really at stake

  • Talent flight: Research labs thrive on independence, long horizons, and reputational capital. If top researchers feel sidelined or that scientific integrity was compromised, leaving becomes rational. LeCun’s prediction of further departures isn’t hyperbole — it’s an expected consequence when researchers see governance and values shifting. (archive.vn)
  • Strategy mismatch: LeCun argues LLMs alone won’t get us to “superintelligence” and advocates world models and embodied learning approaches. A company that bets the house on LLM-styled scale may end up optimized for short-term product wins instead of longer-term breakthroughs. That’s a strategic risk if competitors diversify their research bets. (archive.vn)
  • Credibility and product risk: When benchmark results or research claims are questioned, both external trust (partners, regulators, customers) and internal morale suffer. Fixing credibility is slow; losing researcher confidence can be permanent. (archive.vn)

The counter-arguments (and why leadership might still double down)

  • Speed and scale can win market share. Meta’s aggressive hiring and buyouts are a play to catch up with OpenAI and Google on productizable models — something investors and product teams pressure for. From a CEO’s lens, fast results can justify restructuring. (cnbc.com)
  • Bringing in operationally minded leaders from startups can inject execution discipline. But execution and deep research are different muscles; blending them successfully requires careful cultural work, not just big paychecks. (cnbc.com)

Signals to watch next

  • Further departures or public statements by other senior researchers (names, dates, and context matter). (archive.vn)
  • How Meta responds publicly to the Llama 4 benchmark questions — will there be transparency, independent audits, or internal accountability? (archive.vn)
  • Whether Meta adjusts its investment mix between LLM-driven product work and longer-horizon research (funding, org charts, and research autonomy). (cnbc.com)

My take

Meta’s situation reads like a classic tension between product urgency and scientific method. The company is racing to turn AI into platform-defining products — understandable in a competitive market — but that urgency can be corrosive if it sidelines the culture that produces genuine breakthroughs. LeCun’s critique matters because it’s not just a personality clash: it flags how institutional incentives shape what kinds of AI get built, and who gets to build them.

If Meta wants to be more than a product factory for LLMs, it needs to do more than hire star names or write big checks. It needs governance that protects research autonomy, clearer accountability on research claims, and real career pathways that keep top scientists invested in the company’s long-term vision. Otherwise, the talent and trust losses LeCun predicts will become a self-fulfilling prophecy. (archive.vn)

Final thoughts

Big bets in AI are inevitable, but so is the fragility of research cultures. When a company treats science like a supply chain item instead of a craft, it risks losing the very people who turn insight into impact. Meta’s next moves — rebuilding credibility, balancing short- and long-term bets, and repairing researcher relations — will tell us whether this moment becomes a costly detour or a course correction.

Sources



Related update: We recently published an article that expands on this topic: read the latest post.

Related update: We recently published an article that expands on this topic: read the latest post.