Top AI tools such as OpenClaw and Github Copilot can be hijacked to create new massive botnets


Your favorite AI service could be subverted to deploy code that turns your phone or PC into a botnet, according to researchers at Intuit, Technion, and Tel Aviv University.

The technique has been given the name HalluSquatting, a portmanteau of adversarial hallucination squatting, and is similar to typosquatting in that it relies on a mistake in order to distribute malicious code. While typosquatting might occur with the incorrect input of a website URL, HalluSquatting pivots on an LLM being unable to identify a resource or repository with 100% accuracy.

Read more…
Source:  TechRadar News


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • AI chatbot provider exposes 346,000 customer files, including ID documents, resumes, and medical records

    December 3, 2024

    Researchers have discovered a huge Google Cloud Storage bucket, found freely accessible on the internet and containing a treasure trove of personal information. AI startup WotNot provides companies with the ability to create their own customized chatbot. The company reportedly has 3,000 customers including some household family names. But the way its solution is set up ...

  • INTERPOL campaign warns against cyber and financial crimes

    December 3, 2024

    INTERPOL has launched a campaign to raise awareness on the growing threat of cyber and financial crimes against vulnerable individuals and organizations. The Think Twice campaign, which includes a series of short videos, focuses on five rising online threats: ransomware attacks, malware attacks, phishing, generative AI scams, and romance baiting. These sophisticated scams have seen a ...

  • Singapore cyber defenders fight simulated attacks on AI-enabled systems in 4-day exercise

    November 15, 2024

    More technology is moving onto the cloud – meaning its data is hosted on remote servers rather than on personal devices – and integrating artificial intelligence (AI), which opens it up to new kinds of malicious attacks. To improve Singapore’s ability to counter these emerging threats, soldiers from the Singapore Armed Forces (SAF) and civilians from ...

  • ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI

    November 12, 2024

    In the race to gain a competitive edge, organizations are increasingly training artificial intelligence (AI) models on sensitive data. But what if a seemingly harmless AI model became a gateway for attackers? A malicious actor could upload a poisoned model to a public repository, and without realizing it, your team could deploy it in your environment. ...

  • Gartner Survey Shows AI Enhanced Malicious Attacks as Top Emerging Risk

    November 6, 2024

    Survey of 286 Senior Enterprise Risk Executives Reveals Top Five Emerging Risks in the Third Quarter of 2024 Artificial intelligence (AI)-enhanced malicious attacks are the top emerging risk for enterprises in the third quarter of 2024, according to Gartner, Inc. It’s the third consecutive quarter with these attacks being the top of emerging risk. IT vendor ...

  • Loose-lipped neural networks and lazy scammers

    October 31, 2024

    One topic being actively researched in connection with the breakout of LLMs is capability uplift – when employees with limited experience or resources in some area become able to perform at a much higher level thanks to LLM technology. This is especially important in information security, where cyberattacks are becoming increasingly cost-effective and larger-scale, causing ...