PromptLock real-time AI-generated ransomware activity
Malware Activity
Summary
PromptLock is a newly disclosed AI-powered ransomware strain that can enumerate files, exfiltrate selected data, and encrypt systems on Windows, Linux, and macOS. Its generated Lua scripts are produced in real time from hard-coded prompts using gpt-oss:20b via the Ollama API, making the malware more adaptive. ESET assessed it as a proof-of-concept, but the design could complicate detection because the indicators can vary between runs.
Related Happenings
PromptSteal and PromptFlux AI-enabled malware activity
Malware Activity
First: 06.11.2025 11:45
Last: 06.11.2025 11:45
Sources 1
About this happening:
**PromptSteal** and **PromptFlux** now show how malware can use **LLMs during execution** to generate malicious code on demand, raising the risk of more adaptive evasion and theft...
WRECKSTEEL AI-assisted data-stealing malware used against Ukrainian government and critical infrastructure targets
Malware Activity
First: 09.10.2025 12:10
Last: 09.10.2025 12:10
Sources 1
About this happening:
The **WRECKSTEEL** malware was used in attacks against **Ukrainian state administration bodies** and **critical infrastructure facilities**, indicating an active **data-stealing**...
HybridPetya ransomware bootkit and Secure Boot bypass activity
Malware Activity
First: 12.09.2025 14:50
Last: 12.09.2025 14:50
Sources 1
About this happening:
**HybridPetya** is a **ransomware bootkit** that targets **UEFI-based Windows systems** by installing a malicious **EFI application** on the **EFI System Partition** and encryptin...
Timeline
- 27.08.2025 20:07 · 1 article
PromptLock artifacts uploaded to VirusTotal
Detection IoC Update: PromptLock artifacts were uploaded to VirusTotal from the United States on August 25, 2025, marking an early detection point for the AI-powered ransomware strain.
Sources:
- Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model — thehackernews.com — 27.08.2025 20:07
- 27.08.2025 20:07 · 1 article
ESET discloses AI-powered PromptLock ransomware
Initial Disclosure: Cybersecurity company ESET disclosed PromptLock, an AI-powered ransomware strain written in Golang that uses OpenAI's gpt-oss:20b locally via the Ollama API to generate malicious Lua scripts in real time for filesystem enumeration, target-file inspection, selected-data exfiltration, and encryption. The strain was assessed as a proof-of-concept rather than fully operational malware, uses the SPECK 128-bit encryption algorithm, can affect Windows, Linux, and macOS, and its AI-generated indicators of compromise may vary between executions, complicating detection.
Sources:
- Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model — thehackernews.com — 27.08.2025 20:07