ESET Discovers First AI-Based Ransomware — PromptLock Uses Local AI to Avoid API Tracking
ESET today announced the discovery of the first known AI-based ransomware, dubbed PromptLock.
ESET said that this malware uses a large open-source language model developed by OpenAI to create scripts that can perform a variety of functions on Windows, macOS, and Linux systems, while confusing security tools by displaying slightly different behavior each time, writes Tom's Hardware.
ESET reported in its Mastodon post about the malware that PromptLock “uses Lua scripts generated from hard-coded prompts to list local files, inspect target files, steal selected data, and encrypt them.”
"Depending on the user's files detected, the malware can steal data, encrypt it, or possibly destroy it. Although the destruction feature does not appear to be implemented yet," the post states.
While Lua may seem like an odd choice for a ransomware virus, as it is mostly known for its use in Roblox game development or plugins for the NeoVim text editor, it is actually a versatile programming language. It has a number of advantages that are useful to malware developers, including high performance, cross-platform support, and simplicity that makes it suitable for “vibe coding.”
PromptLock “uses OpenAI’s local gpt-oss:20b model via the Ollama API to generate malicious Lua scripts on the fly.” This helps it avoid detection.
The fact that the model runs locally also makes it impossible for OpenAI to report on the ransomware developers’ activities. If they had to call the API on the company’s servers to generate each script, their scheme would be exposed. The drawbacks of “vibe coding” are also irrelevant here, since the scripts are executed on someone else’s system.
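For defenders, the stable element in this description is the call to the Ollama API, not the generated Lua, which differs from run to run. The sketch below is an added example (not ESET's code and not from the article) that scans constructed request telemetry for processes outside an allowlist sending generation requests to an Ollama endpoint; the event schema, host and process names, and the allowlist are assumptions.

```python
import json
from urllib.parse import urlsplit

OLLAMA_PORT = 11434                            # Ollama's default listener port
OLLAMA_PATHS = {"/api/generate", "/api/chat"}  # Ollama generation endpoints
# Assumption: the programs this site expects to query a local model.
ALLOWED_CLIENTS = {"ollama", "ollama.exe", "open-webui"}

# Constructed sample telemetry (hypothetical schema), one JSON event per line.
SAMPLE_EVENTS = """\
{"host":"ws-014","process":"open-webui","url":"http://127.0.0.1:11434/api/chat","body":{"model":"llama3:8b"}}
{"host":"ws-022","process":"updater.bin","url":"http://127.0.0.1:11434/api/generate","body":{"model":"gpt-oss:20b"}}
{"host":"ws-022","process":"curl","url":"https://example.com/index.html","body":null}
{"host":"ws-031","process":"Svc_Helper.exe","url":"http://localhost:11434/api/chat","body":{"model":"gpt-oss:20b"}}
{"host":"ws-040","process":"sync","url":"http://127.0.0.1:99999/api/chat","body":{}}
not-json garbage line
"""

def is_ollama_request(url):
    """True when the URL targets an Ollama generation endpoint."""
    try:
        parts = urlsplit(url)
        return parts.port == OLLAMA_PORT and parts.path in OLLAMA_PATHS
    except ValueError:  # malformed URL or out-of-range port
        return False

def find_unexpected_llm_clients(lines, allowed=ALLOWED_CLIENTS):
    """Return one finding per Ollama request from a non-allowlisted process."""
    findings = []
    for raw in lines.splitlines():
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip lines that are not valid JSON
        if not isinstance(event, dict):
            continue
        if not is_ollama_request(str(event.get("url", ""))):
            continue
        process = str(event.get("process", "")).lower()
        if process in allowed:
            continue
        body = event.get("body")
        model = body.get("model", "unknown") if isinstance(body, dict) else "unknown"
        findings.append({"host": event.get("host"), "process": process, "model": model})
    return findings

if __name__ == "__main__":
    for finding in find_unexpected_llm_clients(SAMPLE_EVENTS):
        print(finding)
```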


