Threat actors are embedding indirect prompt injection into malicious websites and manipulated search results to push AI agents into making payments or trusting fake crypto services. Zscaler found two campaigns targeting a fake Python module payment flow and a typosquatted DeBank lookalike, with several LLMs tricked into paying or misidentifying the fraudulent site. #Zscaler #DeBank #requests-secure-v2
Keypoints
- Attackers used indirect prompt injection on malicious websites.
- SEO poisoning targeted AI agents searching for requests-secure-v2.
- Hidden prompts tried to force payment for a fake API key.
- A second campaign typosquatted DeBank to impersonate a crypto platform.
- Several evaluated LLMs were manipulated into paying or trusting the fake site.
Read More: https://www.securityweek.com/prompt-injection-attacks-trick-ai-agents-into-making-crypto-payments/