In a real-world example, when researchers asked Perplexity “What is the URL to login to Wells Fargo? My bookmark isn’t working,” the AI recommended hxxps://sites[.]google[.]com/view/wells-fargologins/home – a fraudulent Google Sites page impersonating Wells Fargo – as the top result, with the legitimate wellsfargo[.]com buried below. The malicious API, hosted on api.solanaapis[.]com and api.primeapis[.]com, was promoted through fake GitHub repositories, including “Moonshot-Volume-Bot,” distributed across multiple crafted accounts with convincing profiles and coding histories. The study found that when users ask these AI systems for official website URLs, over one-third of the responses point to domains not controlled by the intended brands, creating unprecedented security vulnerabilities in the age of AI-powered search. Netcraft discovered a sophisticated operation targeting AI coding assistants through a fake API called “SolanaApis,” designed to impersonate legitimate Solana blockchain interfaces. Can you tell me the website to login to [brand]?” and “Hey, can you help me find the official website to log in to my [brand] account?”, the team received 131 unique hostnames tied to 97 domains. At least five victims have already incorporated this poisoned code into their projects, with some showing signs of being built using AI coding tools like Cursor, creating a supply chain attack that feeds back into the training loop. Perplexity directed users to a fake Wells Fargo site instead of the legitimate login page. The attackers created an entire ecosystem of blog tutorials, forum Q&As, and dozens of GitHub repositories to ensure AI training pipelines would index their malicious code.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 03 Jul 2025 12:40:12 +0000