Particle.news

ESET Uncovers 'PromptLock,' AI-Driven Ransomware Prototype That Generates Its Own Scripts

Researchers say the Go-based sample appears to be a proof of concept with no evidence of real-world deployment.

Overview

  • PromptLock was identified on VirusTotal on August 25 from a U.S.-sourced upload, and its authorship remains unknown.
  • It uses OpenAI’s gpt-oss:20b model through the Ollama API to locally generate Lua payloads that execute on Windows, Linux and macOS.
  • The AI-produced scripts can enumerate files, inspect and exfiltrate data, and encrypt content with the SPECK 128-bit cipher, while a data-destruction feature is present but not implemented.
  • ESET cautions that indicators of compromise may differ between executions, and notes attackers could proxy requests to an external Ollama server rather than host a model inside victim networks.
  • Implementation quirks — including SPECK, a hard-coded Bitcoin address linked to Satoshi Nakamoto, and incomplete features — underpin ESET’s assessment that PromptLock is a work in progress.
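A defensive illustration of the last two points, added here and not taken from ESET's report or the sample itself: since the Lua payloads are regenerated per run, file hashes drift, so the durable signal is the request to a model server. The script below scans constructed egress-proxy log lines for Ollama API traffic from hosts outside an allowlist, matching both the default port and the API path so that calls relayed through an external proxy are caught too. It assumes Ollama's documented defaults (TCP 11434, `/api/generate`, `/api/chat`); the log format and allowlist are constructed for the example.

```python
import re

# Ollama's HTTP API listens on TCP 11434 by default and serves /api/generate
# and /api/chat. Those defaults are assumptions drawn from Ollama's own
# documentation, not details taken from ESET's PromptLock analysis.
OLLAMA_PORT = 11434
OLLAMA_API_PATHS = ("/api/generate", "/api/chat")

# Constructed allowlist: hosts sanctioned to talk to a model server.
APPROVED_CLIENTS = {"10.0.5.20"}

# Constructed egress-proxy log format:
#   <timestamp> <src_ip> <method> <dst_host>:<dst_port><path> <status>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) "
    r"(?P<host>[^:/ ]+):(?P<port>\d+)(?P<path>/\S*) (?P<status>\d{3})$"
)


def find_ollama_abuse(lines):
    """Return (ts, src, host, path, reason) for unexpected LLM-API traffic.

    The API path is matched on any port, not only 11434, because the
    model server may sit behind an external relay rather than on-network.
    """
    alerts = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the scan
        on_ollama_port = int(m["port"]) == OLLAMA_PORT
        on_api_path = any(m["path"].startswith(p) for p in OLLAMA_API_PATHS)
        if not (on_ollama_port or on_api_path):
            continue
        if m["src"] in APPROVED_CLIENTS:
            continue
        reason = "ollama-port" if on_ollama_port else "ollama-api-path"
        alerts.append((m["ts"], m["src"], m["host"], m["path"], reason))
    return alerts


# Constructed sample lines (not real traffic): one sanctioned client, one
# unsanctioned host hitting an internal Ollama, the same host relaying the
# API call through an external HTTPS proxy, and benign browsing.
SAMPLE_LOG = [
    "2025-08-25T10:01:02Z 10.0.5.20 POST models.internal:11434/api/generate 200",
    "2025-08-25T10:02:17Z 10.0.7.44 POST models.internal:11434/api/generate 200",
    "2025-08-25T10:03:40Z 10.0.7.44 POST relay.example.net:443/api/chat 200",
    "2025-08-25T10:04:05Z 10.0.7.44 GET www.example.com:443/index.html 200",
]
```

Running `find_ollama_abuse(SAMPLE_LOG)` flags only the two requests from 10.0.7.44, one on the Ollama port and one recognised by API path on port 443.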