A new quality of malware

PromptLock: First AI-driven ransomware discovered


Researchers from the security company ESET have discovered an unusual piece of malware that uses artificial intelligence in a new way.

The program is called PromptLock and differs from previous ransomware variants because it uses a locally installed language model to independently generate scripts during the attack. This ability allows the malware to flexibly access, copy or encrypt files – depending on the instructions stored in the code.


Functionality and special features

PromptLock generates Lua scripts that can run on Windows, Linux and macOS. The software searches local directories, analyzes their contents and decides on its own how to proceed. In addition to encrypting or spying on data, a function for permanent deletion has apparently also been prepared, but it has not yet been activated.

Encryption is carried out using the SPECK algorithm in a 128-bit version. The malicious program was developed in Golang. The first samples have already appeared on the VirusTotal analysis platform. Although ESET assumes that this is currently still a proof of concept, i.e. a kind of feasibility study, the risk should nevertheless be taken seriously.

ESET security researcher Anton Cherepanov emphasizes that such tools significantly lower the entry barriers for attackers: a powerful language model can be enough to generate malware that adapts and is harder to detect. This is a clear warning sign for cyber security.


Local AI instead of cloud connection

It is particularly noteworthy that the software does not contact an external system, but uses a language model integrated locally via an API. This means that the attack scripts are created directly on the affected computer. Even the Bitcoin address for the requested payment is hard-coded in the program. Curiously, this address leads to a wallet that is attributed to Bitcoin inventor Satoshi Nakamoto.

ESET has published technical details under the name Filecoder.PromptLock.A to make professionals aware of the new threat. PromptLock shows that artificial intelligence not only opens up new possibilities in a positive sense, but can also take the development of malware to a new level.
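
Because the scripts are generated through a local model API rather than fetched from outside, egress monitoring does not see that step. The following Python is an added example, not from ESET or the original article, showing one way a defender could correlate host telemetry for that pattern: a process that calls a language-model API on the loopback interface and then writes many files. The event schema, port, allowlist and thresholds are assumptions, and the sample events are constructed.

```python
import json
from collections import defaultdict

# Assumptions, not taken from the article: event schema, port, allowlist, thresholds.
LLM_API_PORTS = {11434}         # assumed port of a local model server
ALLOWED_CLIENTS = {"chat-ui"}   # hypothetical programs expected to use that API
WINDOW_SECONDS = 300            # how long after the API call writes are counted
WRITE_THRESHOLD = 5             # distinct files written before flagging

def make_event(ts, pid, image, kind, **fields):
    """Build one JSON telemetry line (constructed format for this example)."""
    return json.dumps({"ts": ts, "pid": pid, "image": image, "type": kind, **fields})

# Constructed sample telemetry, ordered by timestamp.
SAMPLE_EVENTS = (
    [make_event(100, 4321, "updater", "connect", dst="127.0.0.1", port=11434)]
    + [make_event(110 + i, 4321, "updater", "file_write", path=f"/home/u/doc{i}.txt")
       for i in range(6)]
    + [make_event(200, 900, "chat-ui", "connect", dst="127.0.0.1", port=11434),
       make_event(205, 900, "chat-ui", "file_write", path="/home/u/chat.log")]
    + [make_event(300 + i, 777, "backup", "file_write", path=f"/srv/b{i}.tar")
       for i in range(8)]
)

def is_loopback(addr):
    return addr in ("::1", "localhost") or addr.startswith("127.")

def find_suspects(lines):
    """Return {pid: distinct files written} for non-allowlisted processes that call
    a loopback LLM API and then write many files within WINDOW_SECONDS."""
    first_call = {}              # pid -> timestamp of first local LLM API call
    written = defaultdict(set)   # pid -> paths written after that call
    for line in lines:
        ev = json.loads(line)
        pid = ev["pid"]
        if ev["type"] == "connect":
            if (is_loopback(ev["dst"]) and ev["port"] in LLM_API_PORTS
                    and ev["image"] not in ALLOWED_CLIENTS):
                first_call.setdefault(pid, ev["ts"])
        elif ev["type"] == "file_write" and pid in first_call:
            if 0 <= ev["ts"] - first_call[pid] <= WINDOW_SECONDS:
                written[pid].add(ev["path"])
    return {pid: len(paths) for pid, paths in written.items()
            if len(paths) >= WRITE_THRESHOLD}

if __name__ == "__main__":
    print(find_suspects(SAMPLE_EVENTS))
```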
