Ethical Hacking News
Breaking News: ESET Uncovers the First AI-Driven Ransomware, Dubbed PromptLock, Which Uses OpenAI's gpt-oss:20b Model to Generate Malicious Lua Scripts on the Fly. The Implications are Far-Reaching and Highlight the Growing Sophistication of Cyber Attacks in Recent Years.
PromptLock is the first known AI-driven ransomware identified by ESET Research. The malware uses OpenAI's gpt-oss:20b model to generate malicious Lua scripts on the fly. PromptLock can be executed on multiple platforms, including Windows, Linux, and macOS. The malware scans files, steals data, and encrypts files using the SPECK 128-bit encryption algorithm. Its AI-generated code makes it difficult for defenders to keep pace with the evolving threat landscape.
ESET Research has made a groundbreaking discovery that sheds light on the rapidly evolving landscape of cyber threats. The cybersecurity firm has identified and analyzed the first known AI-driven ransomware, dubbed PromptLock. This malware utilizes OpenAI's gpt-oss:20b model to generate malicious Lua scripts on the fly, which are then executed by the malware. The implications of this discovery are far-reaching, and it highlights the growing sophistication of cyber attacks in recent years.
According to ESET Research, PromptLock is a highly advanced piece of ransomware that uses artificial intelligence (AI) to generate and run malicious code. The malware leverages OpenAI's gpt-oss:20b model via the Ollama API to create Lua scripts that can be executed on multiple platforms, including Windows, Linux, and macOS. This level of sophistication makes PromptLock a formidable opponent in the world of cyber threats.
The malware itself is written in Golang, and both Windows and Linux variants have been uploaded to VirusTotal. Its primary function is to scan files, steal data, and encrypt files using the SPECK 128-bit encryption algorithm. ESET Research also noted that a feature intended for data destruction is present in the sample but not yet implemented.
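Because the sample reaches its model through the Ollama API, one detection angle is to flag text-generation requests from processes that have no reason to make them. The following is an added example, not code from ESET or from the original article; the event schema, process names and allowlist are assumptions, and the sample events are constructed.

```python
import json

# Ollama HTTP API endpoints that produce model output (default port is 11434).
OLLAMA_PATHS = {"/api/generate", "/api/chat"}
MODEL_OF_INTEREST = "gpt-oss:20b"  # model named in the article

# Constructed sample events; the schema and process names are hypothetical.
SAMPLE_EVENTS = [
    {"host": "ws-014", "process": "ollama-app", "dest_port": 11434, "path": "/api/chat",
     "body": json.dumps({"model": "llama3.2", "messages": []})},
    {"host": "ws-022", "process": "invoice_viewer", "dest_port": 11434, "path": "/api/generate",
     "body": json.dumps({"model": "gpt-oss:20b", "prompt": "(constructed)"})},
    {"host": "ws-022", "process": "invoice_viewer", "dest_port": 8443, "path": "/api/generate",
     "body": "not-json"},
    {"host": "ws-031", "process": "chrome", "dest_port": 11434, "path": "/api/tags", "body": ""},
]


def requested_model(body):
    """Return the "model" field of a request body, or None if it cannot be parsed."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return None
    return doc.get("model") if isinstance(doc, dict) else None


def flag_ollama_calls(events, allowed_processes):
    """Flag generation requests made by processes outside the allowlist."""
    findings = []
    for ev in events:
        if ev.get("path") not in OLLAMA_PATHS:
            continue  # not a generation endpoint (e.g. /api/tags lists models)
        if ev.get("process") in allowed_processes:
            continue  # expected client of a local model
        model = requested_model(ev.get("body"))
        findings.append({
            "host": ev.get("host"),
            "process": ev.get("process"),
            "model": model,
            "severity": "high" if model == MODEL_OF_INTEREST else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in flag_ollama_calls(SAMPLE_EVENTS, {"ollama-app"}):
        print(finding)
```

Matching on the request path rather than the port keeps the check working when the API is reached through a non-default port, and an unparsable body still produces a medium-severity finding instead of being dropped.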
The use of AI-generated code by PromptLock has significant implications for cybersecurity. It suggests that cyber attackers are becoming increasingly sophisticated in their approach to generating malicious software. The ability of malware to adapt and evolve on the fly makes it much more difficult for defenders to keep pace.
While ESET Research believes that the sample is likely a proof-of-concept (PoC) or work-in-progress rather than fully operational malware deployed in the wild, they still urge the cybersecurity community to be aware of its potential risks. The discovery of PromptLock highlights the importance of staying vigilant and up-to-date with the latest threats.
The emergence of AI-driven ransomware like PromptLock also raises questions about the future of cybersecurity. As AI technology continues to advance, it is likely that we will see more sophisticated and targeted attacks in the years to come. Cybersecurity professionals must remain alert and adapt their strategies to stay ahead of these evolving threats.
In conclusion, ESET's discovery of PromptLock represents a significant milestone in the ongoing cat-and-mouse game between cybersecurity professionals and cyber attackers. As the threat landscape continues to evolve, it is essential that we remain vigilant and work together to stay one step ahead of these increasingly sophisticated threats.
Related Information:
https://www.ethicalhackingnews.com/articles/ESET-Uncovers-the-First-AI-Driven-Ransomware-PromptLock-ehn.shtml
https://securityaffairs.com/181595/malware/eset-warns-of-promptlock-the-first-ai-driven-ransomware.html
Published: Wed Aug 27 06:16:37 2025 by llama3.2 3B Q4_K_M