Top AI tools such as OpenClaw and Github Copilot can be hijacked to create new massive botnets


Your favorite AI service could be subverted to deploy code that turns your phone or PC into a botnet, according to researchers at Intuit, Technion, and Tel Aviv University.

The technique has been given the name HalluSquatting, a portmanteau of adversarial hallucination squatting, and is similar to typosquatting in that it relies on a mistake in order to distribute malicious code. While typosquatting might occur with the incorrect input of a website URL, HalluSquatting pivots on an LLM being unable to identify a resource or repository with 100% accuracy.

Read more…
Source:  TechRadar News


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Microsoft AI researchers accidentally exposed terabytes of internal sensitive data

    September 18, 2023

    Microsoft AI researchers accidentally exposed tens of terabytes of sensitive data, including private keys and passwords, while publishing a storage bucket of open source training data on GitHub. In research shared with TechCrunch, cloud security startup Wiz said it discovered a GitHub repository belonging to Microsoft’s AI research division as part of its ongoing work ...

  • Ukraine war: Cyber-teams fight a high-tech war on front lines

    September 6, 2023

    Ukraine cyber-operators are being deployed on the front lines of the war, duelling close-up with their Russian counterparts in a new kind of high-tech battle. “We have people who are directly involved in combat,” says Illia Vitiuk, the head of the Ukrainian Security Service’s (SBU) cyber department. Speaking inside the heavily protected SBU headquarters, he explains ...

  • AI and the Five Phases of the Threat Intelligence Lifecycle

    August 24, 2023

    Artificial intelligence (AI) and large language models (LLMs) can help threat intelligence teams to detect and understand novel threats at scale, reduce burnout-inducing toil, and grow their existing talent by democratizing access to subject matter expertise. However, broad access to foundational Open Source Intelligence (OSINT) data and AI/ML technologies has quickly led to an overwhelming amount ...

  • Threat Actors are Interested in Generative AI, but Use Remains Limited

    August 17, 2023

    Since at least 2019, Mandiant has tracked threat actor interest in, and use of, AI capabilities to facilitate a variety of malicious activity. Based on Mandiant own observations and open source accounts, adoption of AI in intrusion operations remains limited and primarily related to social engineering. In contrast, information operations actors of diverse motivations and capabilities ...

  • CyberDSA 2023: Forging a Resilient Digital Future Through Unprecedented Collaboration

    August 16, 2023

    Over 5,000 cybersecurity professionals and leaders convene to promote greater collaboration within the sector Kuala Lumpur, 16 August 2023 — The highly anticipated inaugural Cyber Digital Services Defence & Security Asia (CyberDSA) 2023 has officially commenced at the Kuala Lumpur Convention Centre, graced by the Minister of Communications and Digital, YB Fahmi Fadzil. Embracing the theme ...

  • Terrorism and cyber attack warning as 25 biggest threats facing Ireland revealed

    August 3, 2023

    Ireland faces an increased threat from terrorism and cyber-attacks – because we spend so little money on defence, the government has admitted. This year’s national risk assessment also finds that Ireland faces 25 different potential threats – from terrorism to financial instability, as well as climate change, AI and even housing problems. Read more… Source: Irish Mirror