On Wednesday, researchers unveiled a new attack method named HalluSquatting, which exploits popular AI coding assistants to assemble massive botnets. This innovative technique poses significant security threats by allowing hackers to perform large-scale DDoS attacks and install malicious software on numerous devices simultaneously.
Understanding HalluSquatting and Its Mechanism
The HalluSquatting technique capitalizes on the inherent limitations of large language models (LLMs) in distinguishing legitimate commands from malicious ones. These models often hallucinate resource identifiers, leading them to incorrect locations when users request code repositories or skills. Researchers have identified that LLMs can misidentify locations up to 85% of the time when cloning repositories, and this can reach 100% for trending skills.
By predicting the common hallucinations of LLMs and registering the erroneous identifiers, attackers can create malicious resources that coding assistants inadvertently use. This allows for widespread infection across devices without the need for targeted attacks, transforming the landscape of prompt injection threats.
Potential Impact of HalluSquatting Attacks
The researchers noted that HalluSquatting could enable large-scale ransomware campaigns and facilitate the creation of extensive botnets for DDoS attacks or cryptocurrency mining. The attack utilizes the integrated shells and terminals of coding assistants, embedding commands to install reverse shells within the resources that have been squatted.



