- ESET discovers PromptLock, first AI-driven ransomware generating malicious scripts dynamically
- PromptLock scans systems, exfiltrates, encrypts, or destroys data based on AI decisions
- NFC malware also rising; experts urge updates, backups, and cautious handling of files/tools
Generative Artificial Intelligence (GenAI) is now being used to code ransomware encryptors, researchers have said, revealing how the technology is no longer solely used for crafting phishing and scam content.
ESET Research’s latest Threat Report detailed PromptLock, the first known AI-driven ransomware, “capable of generating malicious scripts on the fly”. It uses an OpenAI model, reached via the Ollama API, to generate and then execute malicious scripts.
It contains two main components: a static main module that handles communication with the server running the AI model and carries hardcoded prompts, and cross-platform Lua scripts that the model generates dynamically from those prompts.
How to stay safe
ESET found these scripts serve multiple functions, from enumerating the local filesystem to exfiltrating data and performing encryption. It also means PromptLock can scan victim systems on its own and decide whether the identified data should be exfiltrated, encrypted, or simply destroyed.
At the moment, PromptLock is a proof-of-concept, ESET further stated, so the risk of running into it in the wild is relatively low – however, its very existence should be cause for concern.
“The emergence of tools like PromptLock highlights a significant shift in the cyberthreat landscape,” said Anton Cherepanov, ESET Senior Malware Researcher.
“With the help of AI, launching sophisticated attacks has become dramatically easier, eliminating the need for teams of skilled developers. A well-configured AI model is now sufficient to create complex, self-adapting malware. If properly implemented, such threats could severely complicate detection and make the work of cybersecurity defenders considerably more challenging.”
Besides ransomware, NFC threats are also growing in both scale and sophistication, ESET warned. In the second half of the year, the researchers saw an 87% increase in telemetry, as well as “several” notable upgrades. NGate, for example, one of the first NFC-enabled malware families, was upgraded to steal contacts as well.
To stay safe as AI-powered threats emerge, users and organizations should focus on fundamentals that still work.
They should keep operating systems, browsers, and security tools fully updated to reduce the attack surface, use reputable endpoint protection, and enable behavioral detection rather than relying on signature-based scanning alone.
They should also treat unexpected files, installers, and “tools” with caution, especially those claiming productivity or AI benefits, and limit admin privileges so malware cannot easily encrypt or destroy data. Regular, offline backups remain critical for ransomware resilience, as does employee education.
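As an added illustration of the behavioral detection the advice above calls for, the following Python sketch is not code from ESET or this article; it correlates constructed endpoint telemetry for the chain described earlier (a process calling the Ollama API, spawning a Lua interpreter, and that child touching many files). Ollama's default port 11434 and its /api/generate and /api/chat endpoints are known Ollama facts rather than details from the article; the event schema, field names and threshold are assumptions.

```python
"""Behavioral correlation for a PromptLock-style chain:
model API call -> Lua interpreter spawned -> burst of file operations by that child.
Added example; the telemetry records below are constructed, not from ESET's report."""
from collections import defaultdict

# Known Ollama defaults (not from the article). Everything else here is assumed.
OLLAMA_PORT = 11434
OLLAMA_PATHS = ("/api/generate", "/api/chat")
FILE_OPS = ("write", "rename", "delete")
FILE_OPS_THRESHOLD = 20  # assumed tuning value for "burst"


def correlate(events, threshold=FILE_OPS_THRESHOLD):
    """Return {parent_pid: file_op_count} for processes that talked to the model
    API, then spawned a Lua interpreter that performed >= threshold file ops."""
    llm_callers = set()          # pids that hit the model API
    lua_children = {}            # lua child pid -> parent pid that called the model
    file_ops = defaultdict(int)  # parent pid -> file ops done by its lua children
    for ev in events:
        kind = ev["type"]
        if kind == "net" and ev.get("dport") == OLLAMA_PORT and ev.get("path") in OLLAMA_PATHS:
            llm_callers.add(ev["pid"])
        elif kind == "exec" and "lua" in ev.get("image", "").rsplit("/", 1)[-1]:
            # only Lua interpreters whose parent already talked to the model count
            if ev.get("ppid") in llm_callers:
                lua_children[ev["pid"]] = ev["ppid"]
        elif kind == "file" and ev.get("op") in FILE_OPS and ev["pid"] in lua_children:
            file_ops[lua_children[ev["pid"]]] += 1
    return {pid: n for pid, n in file_ops.items() if n >= threshold}


def sample_events():
    """Constructed telemetry: pid 100 is a developer's benign local-LLM session,
    pid 200 follows the PromptLock-like chain, pid 300 is an ordinary Lua build job."""
    events = [
        {"type": "net", "pid": 100, "dport": OLLAMA_PORT, "path": "/api/chat"},
        {"type": "net", "pid": 200, "dport": OLLAMA_PORT, "path": "/api/generate"},
        {"type": "exec", "pid": 201, "ppid": 200, "image": "/usr/bin/lua"},
        {"type": "exec", "pid": 301, "ppid": 300, "image": "/usr/bin/lua"},
    ]
    for i in range(25):
        events.append({"type": "file", "pid": 201, "op": "rename", "path": f"/home/u/doc{i}.txt"})
        events.append({"type": "file", "pid": 301, "op": "write", "path": f"/tmp/build{i}.o"})
    return events


if __name__ == "__main__":
    print(correlate(sample_events()))  # only pid 200 completes the full chain
```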
