A new ransomware strain has been identified that is believed to be the first to leverage a local AI model to generate its malicious components.
Dubbed “PromptLock” by the ESET Research team that discovered it, the malware uses OpenAI’s gpt-oss:20b model via the Ollama API to create custom, cross-platform Lua scripts for its attack chain.
While the malware appears to be a proof-of-concept (PoC) and not yet deployed in active campaigns, its novel architecture represents a significant and worrying evolution in malware design, demonstrating how threat actors are beginning to integrate local large language models (LLMs) to create more dynamic and evasive threats.
On-the-Fly Code Generation
PromptLock is written in Golang and has been identified in both Windows and Linux variants on the VirusTotal repository.
Its core functionality deviates from traditional ransomware, which typically contains pre-compiled malicious logic. Instead, PromptLock carries hard-coded prompts that it feeds to a locally running gpt-oss:20b model.
Analysis of the malware’s network traffic reveals POST requests to a local Ollama API endpoint (172.42.0[.]253:8443). These requests contain prompts instructing the AI model to act as a “Lua code generator.”

The prompts task the model with creating scripts for specific malicious activities, including:
- System Enumeration: Generating Lua code to gather system parameters like OS type, username, hostname, and current working directory. The prompts specifically demand cross-platform compatibility for Windows, Linux, and macOS.
- File System Inspection: Creating scripts to scan the local filesystem, identify target files, and analyze their contents, with instructions to look for PII or sensitive information.
- Data Exfiltration & Encryption: Once target files are identified, the AI-generated scripts are executed to handle data exfiltration and subsequent encryption.
The use of Lua is a strategic choice, as its lightweight and embeddable nature allows the generated scripts to run seamlessly across multiple operating systems, maximizing the malware’s potential target base.
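As an added illustration (not ESET’s tooling or code from the PromptLock analysis), the following Python sketch shows how a defender might screen captured HTTP requests to a local Ollama API for prompts matching the behaviour described above. It assumes the requests have already been logged as method/path/body records by a proxy or endpoint agent; the paths /api/generate and /api/chat are Ollama’s public API, and the sample events are constructed.

```python
import json
import re

# Ollama's documented generation endpoints. The page does not state which
# path PromptLock uses, so both public ones are checked.
OLLAMA_GEN_PATHS = {"/api/generate", "/api/chat"}

# Prompt phrases drawn from the page's description of PromptLock's prompts.
PROMPT_MARKERS = {
    "lua_generator": re.compile(r"lua code generator", re.I),
    "cross_platform": re.compile(r"windows.*linux.*macos|cross-platform", re.I),
    "enumeration": re.compile(r"hostname|username|working directory", re.I),
    "pii_scan": re.compile(r"\bPII\b|sensitive information", re.I),
}

def extract_prompt(body: dict) -> str:
    """Return the prompt text from an /api/generate or /api/chat body."""
    if "prompt" in body:
        return str(body["prompt"])
    msgs = body.get("messages") or []
    return " ".join(str(m.get("content", "")) for m in msgs if isinstance(m, dict))

def assess_request(event: dict):
    """Score one captured HTTP request; None if it is not a generation call."""
    if event.get("method") != "POST" or event.get("path") not in OLLAMA_GEN_PATHS:
        return None
    try:
        body = json.loads(event.get("body", ""))
    except json.JSONDecodeError:
        return None
    hits = [n for n, rx in PROMPT_MARKERS.items() if rx.search(extract_prompt(body))]
    return {"process": event.get("process"), "dst": event.get("dst"),
            "model": body.get("model"), "hits": hits,
            "suspicious": "lua_generator" in hits or len(hits) >= 2}

def find_suspicious(events: list) -> list:
    """Return assessments for events that look like code-generation prompts."""
    return [r for e in events if (r := assess_request(e)) and r["suspicious"]]

# Constructed sample events (not real PromptLock captures); the destination
# mirrors the page's defanged 172.42.0[.]253:8443.
SAMPLE_EVENTS = [
    {"process": "svc.exe", "method": "POST", "dst": "172.42.0.253:8443",
     "path": "/api/generate", "body": json.dumps({"model": "gpt-oss:20b",
      "prompt": "You are a Lua code generator. Write a script that collects the OS "
               "type, username, hostname and working directory on Windows, Linux and macOS."})},
    {"process": "code", "method": "POST", "dst": "127.0.0.1:11434",
     "path": "/api/chat", "body": json.dumps({"model": "gpt-oss:20b",
      "messages": [{"role": "user", "content": "Explain Go interfaces briefly."}]})},
    {"process": "curl", "method": "GET", "dst": "127.0.0.1:11434", "path": "/api/tags", "body": ""},
]

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_EVENTS):
        print(finding)
```

Tuning the markers to your own environment matters: benign developer use of a local model will also hit single markers, which is why one hit alone (other than the generator instruction) is not flagged.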
For its encryption payload, PromptLock utilizes the SPECK 128-bit block cipher, a lightweight algorithm suitable for this flexible attack model.
ESET researchers emphasize that multiple indicators suggest PromptLock is still in a developmental stage. For instance, a function intended for data destruction appears to be defined but not yet implemented.
Further intrigue is added by an unusual artifact found within one of the prompts: a Bitcoin address that seemingly belongs to Satoshi Nakamoto, the pseudonymous creator of Bitcoin. While this is likely a placeholder or a misdirection, it adds a peculiar signature to this early-stage malware.
Despite its PoC status, ESET made the decision to disclose its findings publicly. “We believe it is our responsibility to inform the cybersecurity community about such developments,” the researchers stated, highlighting the need for proactive defense against this emerging threat vector.
As local LLMs become more powerful and accessible, security teams must prepare for a future where malware is no longer static but generated dynamically on victim machines.
Indicators of Compromise (IoCs)
Malware Family: Filecoder.PromptLock.A
SHA1 Hashes: