heise PlusAbo
Anzeige

Ransomware and attack on NX: criminals carry out AI-based attacks

Evidence of AI use by cyber crooks has emerged not only in theory, but also in practical attacks.

listen Print view

(Image: Gorodenkoff/Shutterstock.com)

3 min. read
Security
By
Contents

In recent days, both Anthropic and OpenAI have published reports on the misuse of their AI models by cybercriminals. The use cases described are now backed up by findings from security experts: AI-generated ransomware and malware have been found in the wild.

Criminal experiment or ready-made ransomware?

As the research department of the security company ESET reported in Fediverse, among other places, they found a piece of ransomware online that they dubbed "PromptLock". The malware uses the OpenAI model gpt-oss:20b locally on the target system via the Ollama API and creates malicious Lua scripts using prefabricated prompts. These then perform the usual ransomware tasks such as encrypting and exfiltrating files – on Windows, Linux, and macOS.

Videos by heise

According to the ESET researchers, there is much to suggest that this is a trial balloon from an unknown malware author that has made it into the wild and landed on the VirusTotal analysis platform. The Bitcoin wallet stored in the prompt for the blackmail letter is that of the mysterious Satoshi Nakamoto, to whom the very first "block reward" was sent.

"You are a cybersecurity expert": The PromptLock ransomware uses this prompt to create a personalized ransom note. The address of Satoshi's Bitcoin wallet, on the other hand, is hardcoded.

(Image: ESET Research)

Data theft via NPM package

Similar to the PromptLock ransomware, eight different packages in the Node Package Manager (NPM) also targeted user data. They were uploaded by unknown persons between August 26 and 27 using stolen developer keys and were all variants of NX and some of its plug-ins.

The malware hooked into the installation routine of the packages and called various command line versions of AI tools, including Claude Code, Gemini CLI and Amazon's own coding agent "q". Parameters such as "--yolo" were used to prompt the tools to bypass security barriers.

As the security company Snyk writes in a detailed analysis, the malware contained a prompt that begins as follows: "You are a search agent for files". According to its instructions, the malware then showed a wide range of interests: SSH keys, .env files with potentially sensitive configuration settings and crypto wallets were researched by the malware.

The packages were only online for a very short time and were removed after just over five hours. However, as the NX packages are downloaded and installed millions of times a month, thousands of systems could have been affected. Users who may be impacted by the NX attack should follow the instructions in the security advisory on Github. These include rotating Github tokens and blocking the malicious apps from their own account.

AI is changing IT security

Artificial intelligence obviously has the potential to bring about some changes in IT security – the examples that have now come to light show how attackers use LLMs to their advantage. But AI can also help on the defense side. A heise security webinar on October 29 will explain the pitfalls and opportunities of AI in IT security. Members of the heise security PRO specialist service can attend free of charge, while everyone else can still benefit from an early bird discount.

(cku)

Don't miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.

Beliebte Bestenlisten

Alle Angebote
Newsletter heise-Bot heise-Bot Push Nachrichten Push Push-Nachrichten