#ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes 1/6
Based on the detected user files, the malware may exfiltrate data, encrypt it, or potentially destroy it, although the destruction functionality appears not to be implemented yet. The #Bitcoin address used in the prompt appears to belong to Bitcoin creator https://en.wikipedia.org/wiki/... 3/6
For its file encryption mechanism, the PromptLock ransomware utilizes the SPECK 128-bit encryption algorithm 4/6
Although multiple indicators suggest the sample is a proof-of-concept (PoC) or work-in-progress rather than fully operational malware deployed in the wild, we believe it is our responsibility to inform the cybersecurity community about such developments. 5/6
The PromptLock ransomware is written in #Golang, and we have identified both Windows and Linux variants uploaded to VirusTotal. IoCs: 🚨 Filecoder.PromptLock.A 📄 24BF7B72F54AA5B93C6681B4F69E579A47D7C102 AD223FE2BB4563446AEE5227357BBFDC8ADA3797
@ESETresearch Fascinating. Good work @ESETresearch So it's downloading the whole multi-gb model?
@jsrailton PromptLock does not download the entire model, which could be several gigabytes in size. Instead, the attacker can simply establish a proxy or tunnel from the compromised network to a server running the Ollama API with the gpt-oss-20b model. This approach leverages the Internal
@ESETresearch This is fascinating
@ESETresearch That model is quite large - so is the malware binary several gigabytes?
@ESETresearch wake me when the malware locally generates code with AI (why not prompt injecting copilot)
@ESETresearch So, what is this? A ScriptClanker?
@ESETresearch @HackingLZ is this finally the AI malware you were promised?
@ESETresearch Who is even coming up with these
@ESETresearch @vxunderground You might be interested in this
@ESETresearch surely this is just a poc 🤔 regardless, there is already APT malware out there that calls HuggingFace APIs for malicious script execution instead of running the whole model locally
@ESETresearch How do you know the address belongs to Satoshi Nakamoto? There is no indication that the wallet belongs to said person.
@ESETresearch LUA?????
@ESETresearch A malware that runs a 20b local model? Man. I can't wait to get caught accidentally downloading 30gb malware and not noticing.
@ESETresearch @zux0x3a It downloads multiple gigabytes of LLM to then generate a lua script to enumerate hostname and os via hardcoded prompt? xD jesus I hope that's just some PoC, if that is meant for production I feel sorry for the TA
@ESETresearch it sounds like the COVID from one of “your” labs
@ESETresearch AI models running locally in malware, that's some next-level hacking
@ESETresearch A good reasoning model, but still APTs use hardcoded code, which makes it easy for static detection. Doesn't make sense.
@ESETresearch this is my project, idk how it ended up in someone else's hands. I tweeted about it not a long time ago
@ESETresearch 100% a POC, but we’ll see something like this in the wild very soon. The model’s “only” 14GB in size and still needs decent hardware to run by consumer standards. Finetuning might cut that down, though.
@ESETresearch i love when go malware authors don’t -w -s Why can we see all ur main.funcs
@ESETresearch Now is the time to block the AI category on my firewalls.
@ESETresearch @Kameleonre_ Lua ?
@ESETresearch FYI CERT-UA reported one back in July: https://cert.gov.ua/article/62...
@ESETresearch Cool but why?
@ESETresearch Amateurs…
@ESETresearch People are leaving you, why ?