|
Ever since reporting earlier this year on how easy it is to trick an agentic browser, I've been following the intersections between modern AI and old-school scams. Now, there's a new convergence on the horizon: hackers are apparently using AI prompts to seed Google search results with dangerous commands. When executed by unknowing users, these commands prompt computers to give the hackers the access they need to install malware.
The warning comes by way of a recent report from detection-and-response firm Huntress. Here's how it works. First, the threat actor has a conversation with an AI assistant about a common search term, during which they prompt the AI to suggest pasting a certain command into a computer's terminal. They make the chat publicly visible and pay to boost it on Google. From then on, whenever someone searches for the term, the malicious instructions will show up high on the first page of results.
Huntress ran tests on both ChatGPT and Grok after discovering that a Mac-targeting data exfiltration attack called AMOS had originated from a simple Google search. The user of the infected device had searched "clear disk space on Mac," clicked a sponsored ChatGPT link and — lacking the training to see that the advice was hostile — executed the command. This let the attackers install the AMOS malware. The testers discovered that both chatbots replicated the attack vector.
As Huntress points out, the evil genius of this attack is that it bypasses almost all the traditional red flags we've been taught to look for. The victim doesn't have to download a file, install a suspicious executable or even click a shady link. The only things they have to trust are
|
|
With a good virtual private network (VPN), you can stream TV shows and events from all over the world, protect your information from hackers and thwart those online trackers that watch you sleep and show you weird personalized ads. Although we strongly recommend using a VPN, you shouldn't jump on just any deal — a bit of comparison shopping goes a long way in this market. The pricing you see on VPN websites is often not an accurate portrayal of what you'll actually pay.
Even so, there are some great bargains on the table. Black Friday and Cyber Monday may be over, but lots of the best VPNs — including our top pick, Proton VPN — have end-of-year deals live that can save you anywhere from 67 to 88 percent on annual subscriptions. Most of these discounts only apply if you sign up for a year or more, but as long as you're sure you like the service, committing actually makes sense. You pay more at the start, but if you divide the cost by the months of service, it's significantly cheaper over time.
Most of the deals below follow that pattern, so make sure you're comfortable with a service before you take the plunge. Read on for the best VPN deals live this week.
Best VPN deals
|
|
I tested nearly every setting my fridge has to offer to find out which number on the dial hits the sweet spot.
|
|
Wi-Fi jammers sound like a scary way to bypass home security, but it's more complicated than that. Here's how to avoid worrying.
|
|
Microsoft is sitting on top of the world right now, thanks to its lead in AI. It's the most valuable company on the planet, with a valuation of more than $3.2 trillion. Its rise was rocket-fueled by its investor relationship with OpenAI, the company that makes the wildly popular generative AI (genAI) chatbot ChatGPT. OpenAI's GPT large language model is also the basis for Microsoft Copilot, the genAI tool that Microsoft is building into just about every one of its products, from GitHub to Windows to Microsoft 365 and beyond.
Microsoft's AI dominance appears insurmountable. But things can change quickly in tech. Google and Apple are in talks to embed Google's genAI tool Gemini into iPhones — a deal that, if it reaches fruition, could unseat Microsoft sooner than you think.
To read this article in full, please click here
|
|
