ESET today announced the discovery of the “first known AI-powered ransomware.” The ransomware in question is called PromptLock, because everything related to generative AI apparently needs to be prefixed with “prompt”.
ESET says that the malware uses a large open-weight language model developed by OpenAI to generate scripts that can perform a variety of functions on Windows, macOS and Linux systems, confounding defensive tools by exhibiting slightly different behavior each time.
Lua may seem like a strange choice of programming language for ransomware. It is mostly known for being used to develop games within Roblox or plugins for the Neovim text editor. But in reality it is a general-purpose language that offers ransomware operators a variety of benefits, chief among them excellent performance, cross-platform support and a simplicity well suited to “vibe coding”.
PromptLock uses OpenAI's GPT-OSS:20B model locally via the Ollama API to generate malicious Lua scripts on the fly. This helps it avoid detection. Because the model runs locally, nobody is in a position to snitch on the ransomware operators. If they had to call an API on a server each time they generated one of these scripts, the jig would be up. The pitfalls of vibe coding don't really apply, as the scripts are running on other people's systems.
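For defenders, the local-model design described above means the signal is on the host, not at a cloud API provider. The following is an added example, not code from ESET or from the article: it flags processes outside an allowlist that connect to the Ollama API and raises severity when the same process then writes a Lua file. The telemetry schema, process names and allowlist are constructed assumptions; 11434 is Ollama's default port.

```python
import json

OLLAMA_PORT = 11434  # Ollama's default listening port
# Assumption: the processes expected to talk to Ollama in this environment.
ALLOWED_CLIENTS = {"ollama", "ollama.exe", "open-webui"}

# Constructed sample telemetry (hypothetical schema, one JSON event per line).
SAMPLE_EVENTS = """\
{"ts": 1, "type": "net", "pid": 410, "image": "ollama", "dst": "127.0.0.1", "dport": 11434}
{"ts": 2, "type": "net", "pid": 977, "image": "updater-x", "dst": "127.0.0.1", "dport": 11434}
{"ts": 3, "type": "file", "pid": 977, "image": "updater-x", "path": "/tmp/a1.lua"}
{"ts": 4, "type": "net", "pid": 512, "image": "curl", "dst": "10.0.0.5", "dport": 443}
{"ts": 5, "type": "net", "pid": 640, "image": "notes-app", "dst": "127.0.0.1", "dport": 11434}
"""

def find_unexpected_llm_clients(lines, allowed=ALLOWED_CLIENTS):
    """Return alerts for non-allowlisted processes that reach the Ollama API.

    Severity is "high" when the same PID writes a .lua file at or after its
    first API connection (assumption: generated scripts touch disk), and
    "medium" otherwise.
    """
    first_seen = {}    # pid -> (ts, image) of first Ollama connection
    wrote_lua = set()  # pids that wrote a .lua file after connecting
    for line in lines.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        pid = ev["pid"]
        if ev["type"] == "net" and ev.get("dport") == OLLAMA_PORT:
            if ev["image"].lower() not in allowed:
                first_seen.setdefault(pid, (ev["ts"], ev["image"]))
        elif ev["type"] == "file" and ev.get("path", "").lower().endswith(".lua"):
            if pid in first_seen and ev["ts"] >= first_seen[pid][0]:
                wrote_lua.add(pid)
    return [
        {"pid": pid, "image": image,
         "severity": "high" if pid in wrote_lua else "medium"}
        for pid, (_, image) in sorted(first_seen.items())
    ]

if __name__ == "__main__":
    for alert in find_unexpected_llm_clients(SAMPLE_EVENTS):
        print(alert)
```
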
