Promptware Attack Lets Hackers Weaponize Google Calendar Invites to Spy via Zoom Camera

A scary new AI threat called “Promptware” lets hackers spy on your camera without you clicking anything.

Forget simple chatbot tricks, this is like malware hijacking your AI assistant to stream your video feed.

Researchers from Ben-Gurion University, Tel Aviv University, and Harvard (including expert Bruce Schneier) dropped a bombshell paper this week: “The Promptware Kill Chain”.

They say prompt injectiontricking AI with sneaky instructions, isn’t just a glitch. It’s full-blown Promptware, acting like a virus in large language models (LLMs). How the Google Calendar-Zoom Hack Works

Attackers send a fake Google Calendar invite. The description hides a malicious prompt. Your AI assistant, with access to your calendar and email, reads it automatically.

The prompt fools the AI into thinking you ordered a Zoom meeting. The AI then starts Zoom, turns on your camera, and streams video to the hacker’s server. No alerts, no clicks needed, the AI has legit permissions, so it obeys.

This “insider threat” escalates fast. As AI gets baked into phones, PCs, and OSes (like controlling cameras or mics), one invite could expose your home or office.

The 7-Stage Promptware Kill Chain

The team studied 36 real attacks to map this out, mirroring cyberwarfare tactics:

Stage	Description	Example in Attack
Initial Access	Sneak prompt into system	Malicious Calendar invite
Privilege Escalation	Bypass AI safety filters (“jailbreak”)	Trick AI to ignore rules
Reconnaissance	AI scans emails/files for info	Gather victim contacts
Persistence	Embed prompt in AI memory for repeats	Auto-reinfect on restarts
Command & Control	Link to hacker’s server	Stream Zoom video
Lateral Movement	Spread to others	AI emails invites to contacts
Actions on Objective	Steal data, commit fraud	Exfiltrate video/crypto

Prompt injection was like SQL injection block bad inputs. But Promptware mutates, spreads, and executes code. It steals crypto, wipes data, or spies silently.

Solutions: Defense-in-Depth

• Input Sanitization: Strip prompts from calendars/emails.
• Permission Limits: AI needs explicit user OK for Zoom/camera.
• Monitoring: Log AI actions; flag anomalies like surprise meetings.
• Isolation: Run AI in sandboxes without tool access.

As LLMs control more (e.g., Siri, Cortana evolutions), we need layered security, not just “say no to bad prompts.”

This shifts cybersecurity: Treat AI like malware hotspots. Stay vigilant to check invites and AI permissions now.

Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.

The post Promptware Attack Lets Hackers Weaponize Google Calendar Invites to Spy via Zoom Camera appeared first on Cyber Security News.