ESET uncovers PromptLock ransomware that leverages generative AI to create cross-platform attacks

(IN BRIEF) ESET Research has discovered PromptLock, a new ransomware prototype that uses generative AI to generate malicious Lua scripts in real time, capable of infecting Windows, Linux, and macOS systems. Unlike traditional malware, PromptLock autonomously decides whether to exfiltrate or encrypt data, using prompts embedded in its code. The ransomware, written in Golang and using SPECK encryption, has already appeared in early forms on VirusTotal. While currently considered a proof of concept, ESET warns that the threat is very real, as AI now enables attackers to create complex and adaptive malware without extensive technical teams. Researchers Anton Cherepanov and Peter Strýček stress that AI-driven malware could severely complicate detection and defense, urging the cybersecurity community to prepare for this new wave of threats.

(PRESS RELEASE) BRATISLAVA, 29-Aug-2025 — /EuropaWire/ — ESET researchers have identified a new strain of ransomware, PromptLock, that harnesses generative artificial intelligence (GenAI) to autonomously create malicious scripts and execute cyberattacks. The malware operates a locally accessible AI language model to generate Lua scripts in real time, marking a new phase in the use of AI for cybercrime.

Unlike conventional ransomware, PromptLock is designed to work across multiple operating systems — including Windows, Linux, and macOS. It scans files on infected devices, analyzes their contents, and, guided by predefined text prompts, determines whether to exfiltrate or encrypt the data. The malware is written in Golang, uses the SPECK 128-bit encryption algorithm, and contains a destructive function that, although currently inactive, signals its potential for widespread damage.

PromptLock uses a freely available AI model accessed via an API, meaning that every malicious script is generated dynamically and served directly to the infected device. According to ESET researchers, the prompts embedded in the malware even reference a Bitcoin address reportedly tied to Satoshi Nakamoto.

“PromptLock highlights how AI is lowering the barriers for cybercriminals,” said Anton Cherepanov, Senior Malware Researcher at ESET, who, together with researcher Peter Strýček, conducted the analysis. “Complex ransomware can now be developed and adapted by leveraging language models, without requiring large teams of experienced developers. If adopted widely, such attacks could significantly complicate detection and defense.”

While ESET currently classifies PromptLock as a proof of concept, early variants have already appeared on VirusTotal. The company stresses that the ransomware represents a credible threat and has published technical details to inform the cybersecurity community. The malware has been assigned the classification Filecoder.PromptLock.A.

Cherepanov added: “This is a turning point. AI-driven malware can learn, adapt, and execute decisions in ways that will make the job of defenders much harder. The cybersecurity community must remain vigilant and collaborate to address the risks presented by this new generation of threats.”

ESET encourages security professionals to review its published research and continue monitoring developments in AI-driven malware.

About ESET

ESET® provides cutting-edge cybersecurity to prevent attacks before they happen. By combining the power of AI and human expertise, ESET stays ahead of emerging global cyberthreats, both known and unknown—securing businesses, critical infrastructure, and individuals. Whether it’s endpoint, cloud, or mobile protection, our AI-native, cloud-first solutions and services remain highly effective and easy to use. ESET technology includes robust detection and response, ultra-secure encryption, and multifactor authentication. With 24/7 real-time defense and strong local support, we keep users safe and businesses running without interruption. The ever-evolving digital landscape demands a progressive approach to security: ESET is committed to world-class research and powerful threat intelligence, backed by R&D centers and a strong global partner network. For more information, visit www.eset.com or follow our social media, podcasts, and blogs.

Media Contact:

Tel: +421 (2) 322 44 111
Fax: +421 (2) 322 44 109
Web: www.eset.com/int

SOURCE: ESET