We’ve all seen AI-generated text summaries online, but did you know they’re now being used to hide malicious commands to encourage downloading malware?
A new kind of cyber trick, dubbed a ClickFix attack, is being used by threat actors to exploit AI-generated summaries. Rather than taking the traditional route of supplying suspicious downloads or links, the attackers are stealthily injecting hidden commands into web content which is pulled into AI summarizers. As with all effective hacks, these ClickFix attacks appear, on the surface, to be harmless content designed to help solve problems. This makes people more likely to follow the instructions. But this ‘helpful’ advice is only going to help you get your PC infected.
The Sneaky Side of AI Summaries
Researchers at CloudSEK have revealed details of a proof-of-concept attack which turns AI summary tools into dangerous weapons for hackers. The attack starts with a webpage or email containing hidden instructions. These instructions remain hidden as they’re cleverly disguised using CSS tricks such as white-on-white text, tiny fonts, or off-screen placement. And these instructions are repeated over and over again to induce a ‘prompt overdose’ which overwhelms the AI summarizer.
This means that these repeated instructions stand out as relevant, and the AI summarizer will ensure that these commands dominate the generated summary. So, for example, when an AI summarizer pulls these hidden commands into a summary, it could instruct you to open the Run prompt for Windows and run a PowerShell command which ‘fixes’ an error. However, this PowerShell command could easily be used, instead, to download further malware or start transmitting stolen data to a remote server.
A ClickFix attack is especially dangerous as attackers can link multiple commands together to create a powerful impact when launched. As these ‘instructions’ appear to mimic common troubleshooting guides, users are less likely to double check exactly what they’re doing. After all, the headlines generated by AI over the last few years have positioned it as an authoritative figure with the answers to everything.
How to Stay Safe from ClickFix Attacks
The bad news is that ClickFix attacks are becoming more common. 2025 has already seen major ClickFix attacks used to distribute the Lumma Stealer and Epsilon Red malware strains, so it’s crucial that you and your employees understand the dangers of ClickFix. And this is where Ophtek can step in to lend a helping hand with three amazing tips to keep you safe:
- Be Wary of AI Technical Requests: If an AI summary presents you with an instruction requesting you to run a command or click an unexpected prompt, stop and evaluate what it’s asking you to do. Always cross reference such requests with official sources or with an IT professional who can advise the best course of action.
- AI is not Fact: Even at the best of times, AI is prone to mistakes and is far from perfect when it comes to accuracy. Therefore, you should always inspect the sources behind any AI summaries you encounter which don’t feel 100% right. While you may not be able to spot the hidden commands, you’ll be able to make a more informed decision from the visible content.
- Use and Update Security Software: Make sure you use reliable security software with real-time protection – this can block suspicious scripts and downloads before they’re activated. Vital to success here is keeping the software updated so that it can recognize all the latest threats and keep you safe.
For more ways to secure and optimize your business technology, contact your local IT professionals.
