The Chameleon's Trap: AI-Triggered Zero-Click Vulnerability
Why It Matters
This exploit demonstrates how LLMs can be weaponized as 'trusted intermediaries' to bypass traditional browser security and human skepticism. It highlights a critical failure in how AI models verify external links before recommending them to users.
Key Points
- The 'Chameleon's Trap' campaign tricks AI scanners into white-listing malicious links embedded on websites.
- The exploit leverages browser 'automatic download' settings to deliver payloads without explicit user confirmation.
- On Windows 11, the attack utilizes a variant of the Follina vulnerability to execute code via PowerShell when a file is hovered over.
- The vulnerability effectively uses ChatGPT and other LLMs as a 'shield' to build false trust with the victim.
- Security experts recommend disabling 'automatic downloads' and 'trusted site' shortcuts in all major browsers.
A new phishing campaign dubbed 'Chameleon's Trap' has been identified, utilizing a sophisticated method to bypass security scans performed by AI models like ChatGPT. The attack involves embedding hidden links on websites that AI crawlers incorrectly categorize as safe, leading the AI to recommend these links to users. Once a user clicks the AI-recommended link, a file is automatically downloaded via browser 'trusted site' defaults. On Windows 11 systems, the exploit reportedly leverages vulnerabilities similar to the Follina (CVE-2022-30190) flaw, where merely hovering over a file in the file explorer can trigger malicious PowerShell commands. These commands grant attackers user-level privileges, effectively bypassing Microsoft's standard security protocols. Security researchers are now urging users to disable automatic downloads in browser settings to mitigate the risk of these zero-click execution chains initiated through AI interactions.
Imagine you ask an AI for help, and it gives you a link it swears is safe. That's the 'Chameleon's Trap.' Hackers are tricking AI scanners into thinking bad links are good. When you click the link the AI gave you, your computer automatically downloads a hidden file. On some Windows computers, just moving your mouse over that file lets the hackers take control of your machine using PowerShell. It's scary because we usually trust AI recommendations more than random pop-ups. To stay safe, you should change your browser settings so it asks for permission before every single download.
Sides
Critics
Warning that current AI link-scanning is insufficient and that browser 'auto-download' features create a massive security hole.
Defenders
No defenders identified
Neutral
Providing a service that is being exploited by third parties to recommend malicious links as safe content.
Managing the Windows 11 and MSDT vulnerabilities that allow the PowerShell execution once the file is downloaded.
Noise Level
Forecast
Microsoft and OpenAI are likely to implement more rigorous sandboxing for link-crawling within the next few weeks. We should expect a wave of browser updates that default 'automatic downloads' to 'off' for all users regardless of site reputation.
Based on current signals. Events may develop differently.
Timeline
Initial Chameleon's Trap Reports
Earliest instances of the phishing campaign using AI crawlers as a bypass method begin to surface.
Public Warning Issued
A high-level warning is circulated on social platforms regarding zero-click exploits triggered by AI recommendations.
CVE-2022-30190 (Follina) Discovered
A remote code execution vulnerability in the Microsoft Support Diagnostic Tool is first identified.
Join the Discussion
Discuss this story
Community comments coming in a future update
Be the first to share your perspective. Subscribe to comment.