New AI-powered ransomware “PromptLock” alarms security experts
Security experts from the IT security company ESET have discovered a new type of malware called PromptLock, which is the first ransomware to use artificial intelligence (AI) in a targeted manner. The malware uses a locally installed AI language model to automatically generate scripts that search, copy, or encrypt files during an attack. This innovation marks a turning point in the cyber threat landscape and poses new challenges for cybersecurity.
PromptLock generates cross-platform Lua scripts that work on Windows, Linux, and macOS. Based on predefined text commands, the AI analyzes local files and decides independently whether data is encrypted or spied on. For encryption, the malware uses the 128-bit SPECK algorithm. Although a file destruction feature is prepared, it is not yet active. The malware, written in the Go (Golang) programming language, was first discovered on the VirusTotal analysis platform. ESET classifies it as a proof-of-concept, but emphasizes the real danger.

The special feature of PromptLock lies in the use of a freely available language model that is operated locally via the Ollama API. This allows the malware to create attack scripts directly on the infected device without needing a cloud connection. A curious detail is the Bitcoin address embedded in the code, which is attributed to the pseudonymous Bitcoin inventor Satoshi Nakamoto – possibly a diversionary tactic.
The discovery of PromptLock shows how AI simplifies the development of complex malware without the need for extensive programming skills. This could significantly lower the hurdles for cybercriminals and make it more difficult to detect such threats. ESET has published the technical details to raise awareness among the IT security community and classifies the malware as Filecoder.PromptLock.A. Companies and users are urged to monitor suspicious Lua scripts as well as unusual network activity to arm themselves against this new threat.
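The monitoring advice above (Lua scripts plus unusual network activity) can be combined into one correlation rule. The following is an added example, not ESET's code or detection logic: it flags a process that calls an Ollama generation endpoint and then writes a `.lua` file shortly afterwards. The event format, the allowlist, the five-minute window, and the assumption that the sensor sees the scripts as file writes are all hypothetical.

```python
import json
from datetime import datetime, timedelta

# Ollama's documented REST endpoints for text generation.
OLLAMA_PATHS = ("/api/generate", "/api/chat")
# Assumption: processes expected to talk to a local model in this environment.
ALLOWED_LLM_CLIENTS = {"ollama", "code"}
# Assumption: how soon after a model call a script write counts as related.
WINDOW = timedelta(minutes=5)

# Constructed sample events in a hypothetical EDR export (one JSON object per line).
SAMPLE_EVENTS = """\
{"ts":"2025-01-01T10:00:00","host":"ws1","proc":"code","type":"http","path":"/api/chat"}
{"ts":"2025-01-01T10:00:30","host":"ws1","proc":"code","type":"file_write","file":"/home/a/notes.lua"}
{"ts":"2025-01-01T10:02:00","host":"ws2","proc":"updater","type":"http","path":"/api/generate"}
{"ts":"2025-01-01T10:02:20","host":"ws2","proc":"updater","type":"file_write","file":"/tmp/scan.lua"}
{"ts":"2025-01-01T10:30:00","host":"ws3","proc":"backup","type":"http","path":"/api/generate"}
{"ts":"2025-01-01T11:00:00","host":"ws3","proc":"backup","type":"file_write","file":"/tmp/job.lua"}
"""

def find_llm_to_lua(lines):
    """Return alerts for (host, proc) pairs that query an Ollama endpoint and
    then write a .lua file within WINDOW, unless the process is allowlisted."""
    last_llm_call = {}  # (host, proc) -> time of most recent Ollama request
    alerts = []
    events = [json.loads(l) for l in lines.splitlines() if l.strip()]
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort as text
        key = (ev["host"], ev["proc"])
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "http" and ev.get("path", "").startswith(OLLAMA_PATHS):
            if ev["proc"] not in ALLOWED_LLM_CLIENTS:
                last_llm_call[key] = ts
        elif ev["type"] == "file_write" and ev.get("file", "").lower().endswith(".lua"):
            seen = last_llm_call.get(key)
            if seen is not None and ts - seen <= WINDOW:
                alerts.append({"host": ev["host"], "proc": ev["proc"], "file": ev["file"]})
    return alerts

if __name__ == "__main__":
    for alert in find_llm_to_lua(SAMPLE_EVENTS):
        print("ALERT", alert)
```

On the constructed sample, only the `updater` process on `ws2` is flagged: the editor on `ws1` is allowlisted and the `backup` job on `ws3` writes its script outside the window.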
Editor: X-Press Journalistenbüro GbR