For the first time, experts have detected malicious software that uses artificial intelligence. The virus is capable of infecting Windows, Linux and macOS devices, reports ESET Research.
PromptLock ransomware uses AI to create Lua scripts that scan a computer’s file system, extract the data it needs, and then steal or encrypt it. To work, the virus uses one of OpenAI’s open-source models — gpt-oss-20b, released less than a month ago. According to experts, Lua scripts can perform different functions on Windows, macOS and Linux systems, fooling security mechanisms and showing new behavior each time.
“PromptLock uses Lua scripts generated based on well-defined prompts to browse the local file system, inspect target files, extract selected data, and perform encryption. Malware can extract, encrypt, or potentially destroy data. Although the destruction function does not seem to be implemented yet, says the message.
Researchers also noted that one of the prompts listed the address of a Bitcoin wallet that could be linked to Satoshi Nakamoto. This is the pseudonym of the creator of Bitcoin, whose identity is still unknown. Journalists assume that this address is only a temporary stub, which confirms the early stage of virus development.
Recall that Lua is a programming language created in 1993 by employees of the Pontifical Catholic University of Rio de Janeiro in Brazil. It is often used to develop games. Famous examples include World of Warcraft and Dota 2. One dialect of the language, Luau, is used to create games on the Roblox platform.
