
"A key aspect of this activity is the abuse of trust between users, AI agents and external resources. Through techniques such as indirect prompt injection, attackers embed hidden instructions that can be executed by AI systems without user awareness."
"On ClawHub, the company identified close to 600 malicious skills across 13 developer accounts designed to distribute trojans, cryptominers, and information stealers targeting both Windows and macOS systems."
"It appears that threat actors distributing payloads through traditional vectors such as malvertisement are increasingly shifting toward poisoning trusted distribution channels. In particular, AI-related platform ecosystems such as ClawHub are being abused to deliver malware."
Threat actors are leveraging AI distribution platforms like Hugging Face and ClawHub to distribute malware via trojanized shared files. These attacks exploit social engineering to trick users into downloading malicious code. Acronis reports nearly 600 malicious skills across 13 developer accounts on ClawHub, with two accounts responsible for most of the threats. Attackers use indirect prompt injection techniques to embed hidden instructions in resources, allowing AI systems to execute harmful commands without user awareness, leading to infections such as the Atomic macOS Stealer.
Read at SecurityWeek