Cybercriminals have discovered a clever way to weaponize AI tools against users. According to CloudSEK researchers, attackers hide malicious Windows commands in documents using invisible CSS tricks like white-on-white text and zero-width characters.
When AI summarization tools process this content, they get overwhelmed by repeated hidden instructions and include the malicious commands in their summaries. Users then see what appears to be legitimate advice but are actually being tricked into running ransomware.
This "ClickFix" attack turns helpful AI assistants into unwitting accomplices. The malicious content can spread through search engines, forums, and emails, making detection difficult.
Source: Cybernews