ESET specialists have discovered an unusual piece of malware dubbed PromptLock. The researchers describe it as the first known ransomware to use AI.
According to experts, this malware does not yet appear to be fully functional and is clearly still in development. However, researchers have found variants of the malware for Windows and Linux uploaded to VirusTotal.
“Although multiple indicators suggest that this sample is a proof of concept or someone’s unfinished work rather than a fully functional piece of malware used in attacks, we consider it our duty to inform the cybersecurity community about such developments,” ESET says.
Despite the lack of any real-world infections, the PromptLock example shows that AI can significantly streamline the “work” for cybercriminals.
Researchers explain that PromptLock uses OpenAI’s gpt-oss-20b model, which is one of two free open-weight models the company published earlier this month. It runs locally on the infected device via the Ollama API and generates malicious Lua scripts “on the fly”.
“PromptLock uses Lua scripts generated with hard-coded prompts to enumerate the local file system, examine target files, extract selected data, and perform encryption,” the researchers say, noting that the Lua scripts run on machines running Windows, Linux, and macOS.
After that, the malware determines which files to search for, copy, encrypt, or even destroy, based on the file type and its contents. According to the researchers, the data-wiping functionality has not yet been implemented.
PromptLock uses the 128-bit SPECK algorithm to encrypt files, and the ransomware itself is written in Go.
