Prompt Injection Attacks Trick AI Agents Into Making Crypto Payments

https://www.securityweek.com/wp-content/uploads/2023/01/Cybersecurity_News-SecurityWeek.jpg

Threat actors are using prompt injection attacks embedded in malicious websites and manipulated search results to trick AI agents into making payments or trusting fraudulent cryptocurrency platforms.

Zscaler says it identified two campaigns relying on indirect prompt injection, including a payment scam hiding behind API documentation, and a typosquatting operation promoting a crypto platform that impersonates DeBank.

As part of the first campaign, the threat actor has been using SEO poisoning to target AI agents searching for the Python library requests-secure-v2.

“The fraudulent website includes keyword-heavy HTML tied to the fake Python module to poison search results for package installation and dependency troubleshooting queries,” Zscaler explains.

Within the website, the attackers hid indirect prompts instructing the visiting agents to make a payment as part of the routine process of acquiring an API key. The payment was encoded in schema markup to increase the chances that the agents would follow...

Copyright of this story solely belongs to securityweek.com. To see the full text click HERE

Read more

https://assets.bwbx.io/images/users/iqjWHBFdfxIU/iohDk_QhIy5o/v0/1200x800.jpg

Filing: Brookfield-backed data center company Csquare seeks to raise up to $1.35B in an IPO, selling 50M shares at $23 to $27 each for an up to $4.18B valuation

Sponsor Posts Fast, affordable law for startups — Soxton automates startup legal so founders can move faster and sleep better. We handle incorporation, advisor, employment and commercial contracts. Join the waitlist for early access! Stop vibe coding analytics — Equals AI turns questions about your business into auditable spreadsheet models and dashboards.