With the proliferation of LLM-driven multi-agent systems (MAS), the security of Web links has become a critical concern. Once MAS is induced to trust a malicious link, attackers can use it as a springboard to expand the attack surface. In this paper, we propose Web Fraud Attacks, a novel type of attack manipulating unique structures of web links to deceive MAS. We design 12 representative attack variants that encompass various methods, such as homoglyph deception, sub-directory nesting, and parameter obfuscation. Through extensive experiments on these attack vectors, we demonstrate that Web fraud attacks not only exhibit significant destructive potential across different MAS architectures but also possess a distinct advantage in evasion: they circumvent the need for complex input design, lowering the threshold for attacks significantly. These results underscore the importance of addressing Web fraud attacks, providing new insights into MAS safety. Our code is available at https://github.com/JiangYingEr/Web-Fraud-Attack-in-MAS.

翻译：随着LLM驱动多智能体系统（MAS）的普及，网络链接的安全性已成为关键问题。一旦MAS被诱导信任恶意链接，攻击者便可将其作为跳板扩大攻击面。本文提出网络欺诈攻击——一种通过操纵网络链接独特结构来欺骗MAS的新型攻击方式。我们设计了12种代表性攻击变体，涵盖同形异义字欺骗、子目录嵌套、参数混淆等多种方法。通过对这些攻击向量的大规模实验，我们证明网络欺诈攻击不仅在不同MAS架构中展现出显著的破坏潜力，而且在规避检测方面具有独特优势：它们无需复杂的输入设计，显著降低了攻击门槛。这些结果凸显了应对网络欺诈攻击的重要性，为MAS安全性研究提供了新的视角。我们的代码发布于https://github.com/JiangYingEr/Web-Fraud-Attack-in-MAS。