AI-Monk Unveils Real-Time Malicious Code Generator

ESET has reported the first recorded ransomware in which artificial intelligence plays a key role. The new sample was named PromptLock. It is written in Go and uses the local gpt-oss:20b model from OpenAI through the Ollama API to generate malicious Lua scripts in real time. The scripts are run directly on the device and allow the program to list files on the disk, analyze their contents, exfiltrate selected data and encrypt it. The code works equally on Windows, Linux and macOS, which makes the threat cross-platform.

According to the author's design, the malware can not only copy or encrypt information but also destroy it completely, although the destruction functionality has not yet been implemented. In the generated material, the researchers found a Bitcoin wallet address associated with Satoshi Nakamoto, which further fuels interest in the sample. The encryption mechanism is the SPECK algorithm with a 128-bit key. Such a choice points to an experimental development rather than a tool ready for large-scale attacks.

Experts note that so far all signs point to a prototype or demonstration version: the discovered samples for Windows and Linux were uploaded to VirusTotal, but there is no evidence of mass distribution. Nevertheless, the use of a generative model to create malicious code dynamically makes the threat fundamentally new and worthy of the professional community's attention. ESET classified the program as Filecoder.PromptLock.A and emphasizes that even as a proof of concept, such projects pave the way for a new generation of ransomware.
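The behaviour described above, a binary that is not an LLM tool requesting text generation from a model through the Ollama API, can be hunted for in endpoint or proxy telemetry. The following is an added detection example, not code from ESET's report: the event schema, the allowlist and the sample events are constructed assumptions, and port 11434 is Ollama's default.

```python
import json

OLLAMA_PORT = 11434                                # Ollama's default listen port
GENERATION_PATHS = {"/api/generate", "/api/chat"}  # Ollama text-generation endpoints
# Assumption: the only binaries this site expects to query a model server.
ALLOWED_CLIENTS = {"ollama", "ollama.exe", "open-webui"}

# Constructed telemetry in a hypothetical schema, one JSON event per line.
SAMPLE_EVENTS = r"""
{"host":"ws-014","image":"/usr/local/bin/ollama","dst_port":11434,"http_path":"/api/generate","model":"llama3"}
{"host":"ws-022","image":"C:\\Users\\Public\\updater.exe","dst_port":11434,"http_path":"/api/generate","model":"gpt-oss:20b"}
{"host":"ws-022","image":"truncated
{"host":"srv-03","image":"/tmp/.cache/svc","dst_port":11434,"http_path":"/api/tags","model":null}
{"host":"ws-030","image":"/usr/bin/curl","dst_port":443,"http_path":"/api/generate","model":null}
{"host":"lnx-07","image":"/tmp/.cache/svc","dst_port":11434,"http_path":"/api/chat","model":"gpt-oss:20b"}
"""

def parse_events(text):
    """Yield decoded events, skipping blank and malformed lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or corrupt record; do not abort the scan
        if isinstance(event, dict):
            yield event

def client_name(image_path):
    """Lower-cased file name from a Windows or POSIX image path."""
    return str(image_path).replace("\\", "/").rsplit("/", 1)[-1].lower()

def find_unexpected_llm_clients(text, allowed=ALLOWED_CLIENTS):
    """Return generation requests to an Ollama port from non-allowlisted binaries."""
    findings = []
    for ev in parse_events(text):
        if ev.get("dst_port") != OLLAMA_PORT:
            continue
        if ev.get("http_path") not in GENERATION_PATHS:
            continue  # e.g. /api/tags only lists models
        client = client_name(ev.get("image", ""))
        if client not in allowed:
            findings.append({"host": ev.get("host"), "client": client, "model": ev.get("model")})
    return findings

if __name__ == "__main__":
    for finding in find_unexpected_llm_clients(SAMPLE_EVENTS):
        print(finding)
```

On hosts where no local model is expected at all, an empty allowlist turns every generation request into a finding.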
