- ESET discovers PromptLock, the first AI-based ransomware that dynamically generates malicious scripts
- PromptLock scans systems, exfiltrates, encrypts or destroys data based on AI decisions
- NFC malware is also on the rise; experts recommend updates, backups and careful file/tool management
Generative artificial intelligence (GenAI) is now being used to code ransomware encryptors, researchers said, revealing that the technology is no longer just used to create phishing and scam content.
ESET Research’s latest threat report details PromptLock, the first known AI-based ransomware, “capable of generating malicious scripts on the fly”. It uses an OpenAI model, accessed via the Ollama API, to generate malicious scripts, which it then executes.
It contains two main components: a static main module that handles communication with the server running the AI model and carries hard-coded prompts, and cross-platform Lua scripts dynamically generated by the model via the prompts.
ESET has discovered that these scripts perform multiple functions, from enumerating the local file system to data exfiltration and encryption. This also means that PromptLock can analyze victims’ systems itself and decide whether the identified data should be exfiltrated, encrypted or simply destroyed.
At the moment, PromptLock is a proof of concept, ESET added, so the risk of encountering it in the wild is relatively low – but its very existence should be cause for concern.
“The emergence of tools such as PromptLock highlights a significant shift in the cyber threat landscape,” said Anton Cherepanov, senior malware researcher at ESET.
“Thanks to AI, launching sophisticated attacks has become significantly easier, eliminating the need for teams of skilled developers. A well-configured AI model is now sufficient to create complex, self-adapting malware. If implemented correctly, such threats could seriously complicate detection and make the work of cybersecurity defenders significantly more difficult.”
In addition to ransomware, NFC threats are also growing in scale and sophistication, ESET warns. During the second half of the year, researchers saw an 87% increase in telemetry, as well as “several” notable improvements. NGate, for example, which was one of the first pieces of NFC-enabled malware, has also been upgraded to steal contacts.
How to stay safe
To stay safe in the face of emerging AI-based threats, users and organizations need to focus on the fundamentals that still work.
That means keeping operating systems, browsers, and security tools fully up to date to reduce the attack surface, using reputable endpoint protection, and enabling behavioral detection, not just signature-based scanning.
They should also treat unexpected files, installers, and “tools” with caution, especially those that claim productivity or AI benefits, and limit administrator privileges so that malware cannot easily encrypt or destroy data. Regular, offline backups also remain essential to ransomware resilience, as does employee training.
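One way to turn the behavioral-detection advice into a concrete check, as an added example (not ESET's detection logic and not code from the report): the Python below flags processes outside an allowlist that POST to Ollama's text-generation endpoints, the channel PromptLock's main module is described as using. The log format, allowlist, process names and hosts are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Ollama REST endpoints that return model output; 11434 is Ollama's default port.
OLLAMA_PATHS = {"/api/generate", "/api/chat"}
OLLAMA_DEFAULT_PORT = 11434

# Assumption: the programs this organisation expects to talk to an Ollama server.
ALLOWED_PROCESSES = {"ollama", "ollama.exe", "open-webui"}

# Constructed sample events (not real telemetry), one JSON object per line.
SAMPLE_LOG = """\
{"host": "ws-014", "process": "ollama", "dest": "127.0.0.1", "port": 11434, "method": "POST", "path": "/api/generate"}
{"host": "ws-014", "process": "invoice_tool.exe", "dest": "10.0.5.20", "port": 11434, "method": "POST", "path": "/api/generate"}
{"host": "ws-014", "process": "invoice_tool.exe", "dest": "10.0.5.20", "port": 11434, "method": "POST", "path": "/api/generate"}
{"host": "ws-022", "process": "chrome.exe", "dest": "203.0.113.7", "port": 443, "method": "GET", "path": "/api/tags"}
not json
{"host": "ws-031", "process": "Updater", "dest": "127.0.0.1", "port": 8080, "method": "POST", "path": "/api/chat/"}
"""

def find_unexpected_llm_clients(log_text, allowed=ALLOWED_PROCESSES):
    """Return {(host, process): [events]} for non-allowlisted Ollama API callers."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines instead of aborting the scan
        if not isinstance(ev, dict):
            continue
        # Match on the API path, not the port: the model server may sit behind
        # a proxy or listen on a non-default port.
        path = str(ev.get("path", "")).split("?", 1)[0].rstrip("/")
        if ev.get("method") != "POST" or path not in OLLAMA_PATHS:
            continue
        proc = str(ev.get("process", "")).lower()
        if proc not in allowed:
            findings[(str(ev.get("host", "?")), proc)].append(ev)
    return dict(findings)

def summarize(findings):
    """Sorted (host, process, request_count, used_default_port) rows for triage."""
    return sorted(
        (host, proc, len(evs), any(e.get("port") == OLLAMA_DEFAULT_PORT for e in evs))
        for (host, proc), evs in findings.items()
    )

if __name__ == "__main__":
    for row in summarize(find_unexpected_llm_clients(SAMPLE_LOG)):
        print(row)
```

A hit is a lead for investigation, not a verdict: legitimate tools that embed a local model will match until they are added to the allowlist.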