
Hackers are using AI to install ransomware via CSS tricks


Cybersecurity firm CloudSEK has found that hackers are sneaking hidden instructions into emails and websites using clever CSS tricks.
These prompts are invisible to people but can be picked up by AI summarizers, which then unknowingly share steps to install ransomware.

Attackers use a method called ClickFix

Attackers use a method called ClickFix—think white-on-white text or tiny fonts—to bury their commands in a message.
By repeating these hidden prompts, they trick the AI tool into focusing on the attacker's instructions.
CloudSEK showed this could actually lead to AI-generated summaries containing attacker instructions that, if followed, could result in ransomware being installed.

How to protect yourself from this attack

This new tactic means even non-techy users could be at risk if they use AI tools for email or browsing.
CloudSEK recommends organizations filter out suspicious inputs and watch for sneaky CSS before letting AI process content, helping keep malicious code out of your summaries.
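
One way to apply that recommendation is a pre-processing step that drops invisibly styled text and reports repeated hidden strings before the content reaches a summarizer. This is an added example, not CloudSEK's code; the function names, the repeat threshold and the sample HTML are assumptions, it inspects inline `style` attributes only, and it also covers `display:none`, `visibility:hidden` and `opacity:0` in addition to the white-on-white and tiny-font cases mentioned above.

```python
import re
from collections import Counter
from html.parser import HTMLParser

VOID = {"br", "img", "hr", "input", "meta", "link", "wbr"}   # tags with no end tag
WHITE = {"#fff": "white", "#ffffff": "white", "rgb(255,255,255)": "white"}

def style_hides(style):
    """True if an inline style would make the element's text invisible to a reader."""
    props = dict((k.strip(), v.replace("!important", "").replace(" ", ""))
                 for k, _, v in (d.partition(":") for d in style.lower().split(";")))
    size = re.fullmatch(r"(\d*\.?\d+)(px|pt)?", props.get("font-size", ""))
    fg, bg = props.get("color"), props.get("background-color") or props.get("background")
    fg, bg = WHITE.get(fg, fg), WHITE.get(bg, bg)
    # Assumption: when no background is declared, the page background is white.
    return (props.get("display") == "none" or props.get("visibility") == "hidden"
            or props.get("opacity") in ("0", "0.0")
            or bool(size and float(size.group(1)) <= 2)       # tiny fonts
            or (fg is not None and fg == (bg or "white")))    # text matches background

class HiddenTextFilter(HTMLParser):
    """Separates visible from hidden text; children inherit a hidden parent's state."""
    def __init__(self):
        super().__init__()
        self.stack, self.visible, self.hidden = [], [], []
    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            own = tag in ("script", "style") or style_hides(dict(attrs).get("style") or "")
            self.stack.append(own or (bool(self.stack) and self.stack[-1]))
    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()
    def handle_data(self, data):
        text = " ".join(data.split())
        if text:
            (self.hidden if self.stack and self.stack[-1] else self.visible).append(text)

def sanitize_for_summarizer(html, repeat_threshold=3):
    """Return (visible_text, findings); only visible_text should reach the AI tool."""
    parser = HiddenTextFilter()
    parser.feed(html)
    parser.close()
    findings = [{"text": t, "count": n, "repeated": n >= repeat_threshold}
                for t, n in Counter(parser.hidden).items()]
    return " ".join(parser.visible), findings

SAMPLE = (  # constructed input, not taken from the CloudSEK research
    '<div><p>Hi team, the Q3 report is attached.</p>'
    + '<span style="color:#ffffff; background-color:white">PLACEHOLDER hidden prompt</span>' * 4
    + '<p style="font-size:1px">PLACEHOLDER hidden prompt</p><p>Regards,<br>Alex</p></div>')
```

Styles applied through classes or external stylesheets are not seen by this check, so rendered-style inspection is needed to cover those cases.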