DIGITAL LIFE

Viruses on caffeine: the rise of self-learning malware

Computer viruses have come a long way from floppy-disk pranks to today’s AI-assisted cybercrime. The 2020s have turned malware into a professional industry, complete with ransomware cartels, AI-driven phishing and even research projects masquerading as real-world threats. As of September 2025, the fight is no longer about who writes the nastiest script; it’s about who trains the smartest algorithm, and the results are both fascinating and frightening.

Back in the 1980s, Elk Cloner spread by floppy disk and rewarded its victims with a poem. It was more of a prank than a cyber weapon; but it proved one thing clearly — code could spread like a digital cold. By the 1990s, the fun was over. Boot sector viruses like Michelangelo took control before the operating system even loaded, and macro viruses turned Microsoft Office into a playground for hackers.

The 2000 ILOVEYOU worm was the ugly proof. Millions opened what looked like a romantic email, and instead unleashed chaos that cost billions. A harsh reminder that love letters and inboxes rarely mix well.

Between the email chaos and today’s AI malware, there was another rough chapter. Windows 2000 and XP shipped with autorun enabled by default, which meant viruses could launch themselves automatically from floppy disks, CDs and, later, USB drives. Once pen drives went mainstream, infections spread like wildfire from home PCs to office networks. Conficker became one of the most notorious worms of this era, exploiting both network flaws and removable media.

Once antivirus software got smarter, malware learned to shapeshift. Polymorphic code scrambled itself into new forms every time it spread; metamorphic malware rewrote itself entirely. The infamous Storm Worm showed how this trick worked in the real world, running a botnet of millions while constantly changing costume.

Security companies chased it like a bad cartoon; every time they closed in, the worm was already wearing a new mask.

Fast-forward to today and malware has a new upgrade: artificial intelligence. IBM’s 2018 proof-of-concept DeepLocker showed how malware could lie dormant until it recognised a specific face. Creepy? Absolutely. Clever? Unfortunately, yes.

Machine learning also automates the grind. Instead of hackers tweaking code by hand, AI can test thousands of variations against antivirus engines in minutes until one slips through. It is malware with the patience of a saint and the work ethic of a caffeinated intern.

Real-world sightings in 2025...This year, things have gotten more complicated. In mid-2025, security firm ESET announced the discovery of PromptLock, calling it the world’s first AI-powered ransomware. That caused a stir until researchers revealed it was actually a New York University academic project; a controlled proof-of-concept, not an active criminal strain. A good reminder that hype spreads almost as fast as malware itself.

Meanwhile, cybercriminals are busy using generative AI for more grounded attacks. Deepfake voices are tricking employees into wiring money, and phishing emails now look like they were written by your company’s legal department. Darktrace also reported signs of attackers using reinforcement learning to adjust their moves in real time, like a chess player who never stops studying openings.

The nightmare of a fully autonomous, self-learning worm has not arrived yet; but the groundwork is being laid.

Traditional antivirus works like a nightclub bouncer with a clipboard; it checks known troublemakers and tosses them out. AI malware does not bother faking IDs; it shapeshifts until it looks like the manager’s best friend. Signature detection fails, behavioural monitoring struggles, and the gap widens every year.

Defenders now rely on layers: heuristics, anomaly detection, endpoint monitoring and AI pattern recognition. The unfair part is obvious; defenders must cover every possible entrance, while attackers only need one open window.

Thankfully, defenders have their own algorithms. Microsoft and Google use AI to monitor billions of signals daily, while firms like Darktrace promote “digital immune systems” that learn what normal behaviour looks like and act when something deviates. Think of it as cybersecurity with an immune system instead of a clipboard.

These systems are designed to spot the unusual; a login from the wrong time zone, a file moving in an odd way; and respond instantly. No coffee breaks, no meetings, no “let’s revisit this on Monday.”

The decade ahead...The 2030s are shaping up to be an AI arms race. Expect ransomware that negotiates ransoms dynamically, worms that wait for weeks before detonating, and phishing emails so convincing you will question your own HR department. On the defensive side, AI will quietly guard networks, leaving human analysts to focus on strategy rather than chasing thousands of false alarms.

Malware authors are also probing new platforms. Viruses targeting ARM CPUs, especially Apple silicon Macs, are beginning to appear, and some criminals have even experimented with hiding crypto-stealers inside free Steam games. It is proof that innovation is alive and well on both sides of the fence — though in this case, it is innovation nobody asked for.

The uncomfortable truth is that in cybersecurity, attackers only need to win once; defenders need to win every single time. The future will not be written in clean code or crude scripts; it will be trained in algorithms, each one trying to outsmart the other. Place your bets wisely.

mundophone