PromptSpy marks the dawn of AI-powered malware — the first Android trojan using Google Gemini at runtime. BeyondTrust CVE-2026-1731 (CVSS 9.9) actively exploited in ransomware campaigns. Deutsche Bahn hit by massive DDoS. French bank registry FICOBA breached exposing 1.2M accounts. Microsoft patches 6 zero-days.
ESET researchers discovered PromptSpy — the first Android malware that uses Google Gemini AI to analyze device screens and generate persistence instructions in real-time. This isn't theoretical; it's deployed and active.
Traditional malware follows pre-programmed logic. PromptSpy thinks. It captures device screenshots, sends them to Google Gemini, and receives AI-generated instructions for:
AI-powered malware can adapt to devices it has never seen before. Static security rules cannot keep pace. Organizations need AI-powered security to counter AI-powered threats.
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) are under mass exploitation. CISA added to KEV with urgent patching required.
| Attribute | Details |
|---|---|
| CVE | CVE-2026-1731 |
| CVSS | 9.9 CRITICAL |
| Impact | Execute OS commands as site user |
| Status | Actively exploited in ransomware campaigns |
| Attribution | Palo Alto Unit 42 |
Targeted Sectors: Financial services, legal, high-tech, higher education, healthcare
Targeted Geographies: United States, France, Germany, Australia, Canada
French Finance Ministry's national banking database breached. 1.2 million bank accounts exposed since end of January 2026.
| Data Exposed | Impact |
|---|---|
| Bank account numbers | Financial fraud risk |
| Account holder names | Identity theft |
| Addresses | Physical security risk |
| Tax IDs (some) | Tax fraud risk |
Attack vector: Credential theft → Government access → National database
NIS2 Implication: Government credentials = single point of failure. NIS2 requires credential hygiene and access controls.
BSI portal registration requires ELSTER certificate which takes 5-10 business days to process. Act NOW or miss the deadline.
Germany's largest rail operator experienced massive DDoS attack disrupting information and booking systems. Under NIS2, critical infrastructure operators face mandatory reporting and substantial fines for inadequate resilience.
| Metric | Value |
|---|---|
| Microsoft zero-days | 6 |
| BeyondTrust CVSS | 9.9 |
| French accounts breached | 1.2M |
| German companies affected by NIS2 | 29,000 |
| Days until NIS2 deadline | 14 |
PromptSpy proves malware is evolving faster than static rules can handle. KENSAI uses AI-powered vulnerability detection to stay ahead of adaptive threats.
Start Free Security ScanStay secure. Stay vigilant.
🗡️ KENSAI Security Team