Prompt Injection Attacks Trick AI Agents Into Making Crypto Payments
Threat actors are using prompt injection attacks embedded in malicious websites and manipulated search results to trick AI agents into making payments or trusting fraudulent cryptocurrency platforms.
Zscaler says it identified two campaigns relying on indirect prompt injection, including a payment scam hiding behind API documentation, and a typosquatting operation promoting a crypto platform that impersonates DeBank.
As part of the first campaign, the threat actor has been using SEO poisoning to target AI agents searching for the Python library requests-secure-v2.
“The fraudulent website includes keyword-heavy HTML tied to the fake Python module to poison search results for package installation and dependency troubleshooting queries,” Zscaler explains.
Within the website, the attackers hid indirect prompts instructing the visiting agents to make a payment as part of the routine process of acquiring an API key. The payment was encoded in schema markup to increase the chances that the agents would follow...
Copyright of this story solely belongs to securityweek.com. To see the full text click HERE