Google Gemini Tricked Into Showing Phishing Message Hidden in Email
securityweek
A researcher has found that Google Gemini for Workspace is affected by a prompt injection vulnerability that can be exploited to trick the AI assistant into displaying a phishing message.
The weakness was found by Marco Figueroa and reported through Mozilla’s 0Din bug bounty program, which focuses on gen-AI vulnerabilities.
The researcher’s hack involves sending the targeted user an email that, in addition to a benign lure text, contains a phishing message that is written with white font on a white background, making it invisible to the target.
This phishing message, which needs to be wrapped inside
When the target uses Gemini’s ‘summarize this email’ functionality to get a summary of the attacker’s email, in addition to a summary of the text visible to the victim, Gemini displays the phishing message. That is ...
Copyright of this story solely belongs to securityweek . To see the full text click HERE