First AI-powered ransomware ‘PromptLock’ discovered

Researchers at ESET have discovered what they believe is the first ransomware to use an integrated AI language model to generate malicious code in real time.

The malware, named PromptLock, runs the open-source gpt-oss:20b model locally through the Ollama API. This setup allows it to create dynamic scripts that work across multiple platforms while evading detection.

ESET disclosed the finding on X after analysing samples uploaded to VirusTotal. The ransomware, identified as Filecoder.PromptLock.A, is written in Golang and targets both Windows and Linux systems. Researchers noted that the malware still appears to be in development and may only be a proof-of-concept, but its design signals a new stage in ransomware evolution.

PromptLock can generate Lua scripts on demand using pre-set prompts. These scripts perform file system scans, data exfiltration, and encryption. Because of this design, the malware can run on Windows, macOS, and Linux without the need for separate builds.

The ransomware uses the SPECK 128-bit encryption algorithm. Although it includes logic for file destruction, those routines are not yet fully implemented. ESET also found a hardcoded Bitcoin address linked to Satoshi Nakamoto, which may serve as a distraction rather than a real payment channel.

AI integration

Instead of embedding a large language model directly, which would make the malware too large, PromptLock connects to an attacker-controlled server running the Ollama API and the model. This proxy method keeps the malware lightweight and bypasses network restrictions.

ESET compared PromptLock to LAMEHUG, a piece of AI-powered malware linked to suspected Russian groups in Ukraine. That malware used HuggingFace’s Qwen 2.5-Coder model to create system commands on the fly. PromptLock goes further by running the model locally, removing the need for external APIs and allowing offline code generation.

Security concerns

AI-driven malware poses new risks because it can change its behaviour depending on the system it infects. Unlike traditional ransomware, it does not rely on static code.

ESET advises defenders to monitor Lua script execution, especially scripts that scan files or encrypt data. Administrators should also watch for proxy tunnelling linked to the Ollama API and track the file hashes shared by researchers.
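As an added defender-side example (not ESET's or the article's code), the following Python checks constructed process and network telemetry for the two indicators the advice names: Lua interpreter launches and outbound traffic to an Ollama API endpoint. The Ollama default port 11434 and its /api/generate and /api/chat paths are assumptions taken from Ollama's public documentation rather than from this article, the approved-host list is constructed, and the hash set is a placeholder for the values the researchers shared.

```python
import json

# Added example, not ESET's or the article's code. Assumptions: telemetry is one JSON
# object per line with the fields used below; Ollama's default port 11434 and the
# /api/generate and /api/chat endpoints come from Ollama's public docs, not from
# this article. Replace the placeholder hash with the values the researchers shared.
OLLAMA_PORT = 11434
OLLAMA_API_PATHS = ("/api/generate", "/api/chat")
LUA_INTERPRETERS = {"lua", "lua5.3", "lua5.4", "luajit", "lua.exe", "luajit.exe"}
SHELLS = {"bash", "sh", "zsh", "cmd.exe", "powershell.exe"}
KNOWN_BAD_SHA256 = {"<REPLACE_WITH_PUBLISHED_SHA256>"}
APPROVED_OLLAMA_HOSTS = {"10.0.0.50"}  # constructed: the only host allowed to serve Ollama

def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def check_event(ev: dict) -> list:
    """Return the detection names that match one telemetry event."""
    hits = []
    if ev.get("type") == "process":
        if basename(ev.get("image", "")) in LUA_INTERPRETERS:
            hits.append("lua_interpreter_exec")
            # A Lua run not started from an interactive shell: the parent is the
            # candidate dropper and deserves a closer look.
            if basename(ev.get("parent_image", "")) not in SHELLS:
                hits.append("lua_spawned_by_non_shell")
        if ev.get("sha256") in KNOWN_BAD_SHA256:
            hits.append("known_promptlock_hash")
    elif ev.get("type") == "network":
        to_ollama = ev.get("dst_port") == OLLAMA_PORT or any(
            ev.get("http_path", "").startswith(p) for p in OLLAMA_API_PATHS)
        # Ollama API traffic to anything but an approved internal server is the
        # proxy-tunnelling pattern the advice describes.
        if to_ollama and ev.get("dst_ip") not in APPROVED_OLLAMA_HOSTS:
            hits.append("unapproved_ollama_api_traffic")
    return hits

def scan(lines) -> list:
    """Map JSON-lines telemetry to (line_number, detection) pairs."""
    return [(n, h) for n, line in enumerate(lines, 1) for h in check_event(json.loads(line))]

# Constructed sample telemetry: lines 1 and 2 should fire, lines 3 and 4 should not.
SAMPLE_LOG = [
    '{"type":"process","image":"/usr/bin/lua5.4","parent_image":"/tmp/updater","sha256":"aa"}',
    '{"type":"network","dst_ip":"203.0.113.7","dst_port":11434,"http_path":"/api/generate"}',
    '{"type":"process","image":"/usr/bin/python3","parent_image":"/bin/bash","sha256":"bb"}',
    '{"type":"network","dst_ip":"10.0.0.50","dst_port":11434,"http_path":"/api/chat"}',
]
```

Running `scan(SAMPLE_LOG)` yields hits only for the Lua launch from a non-shell parent and the Ollama API call to the unapproved external host; the approved internal Ollama server on line 4 is deliberately not flagged.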

Bibi Zuhra
Bibi Zuhra has a Master's degree in public administration and a Certificate in Entrepreneurship from Santa Rosa Junior College (California). Bibi has worked in research and marketing and in policymaking, and has more than four years of experience as an SEO content writer producing news articles for e-commerce, tourism, business, education and lifestyle. She believes words have the power to change the world, and she tries to do that through her work.
