Proof-of-concept malware shows how generative AI could transform cybercrime tactics
ESET researchers have uncovered PromptLock, a new strain of ransomware that leverages generative AI to autonomously generate malicious code in real time — a development that experts warn could reshape the global cyber threat landscape.
Unlike conventional ransomware built by teams of skilled developers, PromptLock uses a locally accessible AI language model to create malicious Lua scripts on the fly. Compatible across Windows, Linux, and macOS, these scripts can scan local files, analyze their contents, and decide — based on predefined prompts — whether to exfiltrate or encrypt the data.
“A well-configured AI model is now enough to create complex, self-adapting malware.”
– Anton Cherepanov, Senior Malware Researcher, ESET
“This marks a significant turning point in how cybercriminals can operate,” said Anton Cherepanov, senior malware researcher at ESET. “With the help of AI, launching sophisticated attacks has become dramatically easier. Defenders now face malware that can self-adapt, making detection and response considerably more challenging.”
The ransomware employs the SPECK 128-bit encryption algorithm and is written in Golang. Early variants have already surfaced on the malware-sharing platform VirusTotal. While ESET currently classifies PromptLock as a proof-of-concept, its underlying methodology demonstrates how attackers could weaponize generative AI to scale their operations.
One alarming aspect is PromptLock’s independence: it uses a freely available language model accessed via an API, so the infected device receives the malicious scripts directly from the AI system itself. The code even embeds a placeholder Bitcoin wallet address reportedly tied to Satoshi Nakamoto, though researchers suggest this may be more symbolic than functional.
ESET emphasizes that while the malware has not yet been observed in mass attacks, its existence signals the dawn of a dangerous new era. By eliminating the requirement for deep programming expertise, generative AI could empower smaller, less skilled groups to launch advanced ransomware campaigns — significantly broadening the threat landscape.