New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware
A new attack vector named HalluSquatting has been discovered by researchers, targeting AI-powered coding assistants. The attack leverages the phenomenon of AI hallucination, where the model generates plausible but incorrect package names. Attackers can preemptively register these hallucinated package names on public repositories, embedding malware within them. When a developer follows the AI's suggestion and installs the package, they inadvertently deploy botnet malware into their environment. The researchers demonstrated the attack against popular AI coding assistants, though specific model names were not disclosed in the excerpt. The consequence is that developers using AI coding tools may unknowingly introduce malicious dependencies into their projects, potentially leading to compromised systems and data breaches. The attack highlights a new class of supply chain risk unique to AI-assisted development, where the trust in AI-generated code can be exploited. The researchers emphasize that the attack is feasible because AI models often produce plausible-sounding but non-existent package names, which can be easily registered by attackers. This method differs from traditional typosquatting by targeting the AI's output rather than user typos.
Developers using AI coding assistants may unknowingly install malicious packages suggested by the AI, leading to botnet infections.