"Malicious instructions are crafted and hidden as URL fragments after the "#" symbol in a legitimate URL that points to a genuine, trusted website. These crafted links are then posted online, shared across social media, or embedded in web content. A victim clicks the link, believing it is trustworthy -- and nothing occurs to arouse suspicion. If, however, the user opens their AI browser assistant to ask a question or submit a query, the attack phase begins."
"What is HashJack? HashJack is the name of the newly discovered indirect prompt injection technique outlined by the Cato CTRL threat intelligence team. In a report published on Tuesday, the researchers said this attack can "weaponize any legitimate website to manipulate AI browser assistants." The client-side attack technique abuses user trust to access AI browser assistants and involves five stages:"
The HashJack technique embeds malicious prompts as URL fragments after the '#' symbol on legitimate websites. Crafted links are posted online, shared on social media, or embedded in web content to appear trustworthy. When a user clicks a link and later opens an AI browser assistant to ask a question or submit a query, the assistant reads the hidden fragment and executes the embedded instructions. The assistant can present phishing links, prompt malware downloads, or run background tasks in agentic models. Agentic AI browsers can escalate the attack to automatically send user data to attacker-controlled endpoints. The attack follows a five-stage client-side flow.
Read at ZDNET
Unable to calculate read time
Collection
[
|
...
]