Bing Chat's Malvertising Issue
Posted: 2023-09-29
By: dwirch
Malicious ads are infiltrating Microsoft's AI-based Bing Chat, leading users to bogus download sites rife with malware. Powered by OpenAI's GPT-4, the chat tool was Microsoft's February 2023 answer to Google's search supremacy. Designed to revolutionize online searching, Bing Chat shifted from the traditional search mode to a more user-friendly chat interaction.
With its soaring popularity, Microsoft incorporated ads into Bing Chat by March 2023 as a monetization strategy. This integration, however, has become a magnet for cybercriminals who exploit these ad spaces to spread malware. Unlike impersonal search results, chat-like engagements with AI can unintentionally foster trust, making users more prone to clicking on these malicious ads. This heightened trust in AI-recommended links only intensifies the pre-existing issue of malvertising on search platforms.
The "promoted results" label, which appears only when the user hovers over an ad, seems insufficient to flag potential threats. Malwarebytes detected deceptive ads mimicking download portals for the well-known utility 'Advanced IP Scanner'. This utility had previously been exploited by notorious threats like RomCom RAT and Somnia ransomware. An alarming discovery was made when Bing Chat suggested a download link for this tool: a deceptive ad leading to malware appeared before the genuine link.
Delving deeper, it was found that the malicious campaign was the work of a hacker who compromised a legitimate Australian business's ad account. This hacker specifically targeted system administrators and legal professionals. Victims who click the ad for the IP scanner are routed through a site ('mynetfoldersip[.]cfd') that separates bots from real users. They are then redirected to a counterfeit Advanced IP Scanner website ('advenced-ip-scanner[.]com') whose misspelled domain name is meant to pass for the genuine one.
The bogus MSI installer on this site carries a cloaked malicious script which, when activated, reaches out to an external source to fetch the payload. Although Malwarebytes has not identified the exact payload, past patterns hint at data theft malware or remote access trojans, putting both personal accounts and the broader network at risk.
The emergence of malvertising within Bing Chat is a stern reminder of the ever-evolving world of cyber threats. It underscores the importance of scrutinizing chatbot responses and verifying URLs before initiating any downloads.
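One way to automate the URL check recommended above, shown as an added example that is not part of the original post: a download host is compared with an allowlist, and near misses such as the misspelled domain reported here are flagged. The allowlist entry is an assumption (the corrected spelling of the fake domain), and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Assumption: allowlist maintained by the defender. The single entry is the
# corrected spelling of the counterfeit domain named in the post.
OFFICIAL_HOSTS = {"advanced-ip-scanner.com"}


def refang(text: str) -> str:
    """Undo defanged notation used in threat reports, e.g. 'site[.]com'."""
    return text.replace("[.]", ".").replace("hxxp", "http")


def host_of(url: str) -> str:
    """Return the lowercased host without a leading 'www.'."""
    url = refang(url.strip())
    if "://" not in url:
        url = "https://" + url
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute) with a two-row table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str, max_distance: int = 2) -> str:
    """Return 'official', 'lookalike' or 'unknown' for a download URL."""
    host = host_of(url)
    for good in OFFICIAL_HOSTS:
        if host == good or host.endswith("." + good):
            return "official"
    # Simplification: treat the last two labels as the registrable domain.
    registrable = ".".join(host.split(".")[-2:])
    for good in OFFICIAL_HOSTS:
        # Near-miss spelling, or the official name buried in another domain.
        if good in host or edit_distance(registrable, good) <= max_distance:
            return "lookalike"
    return "unknown"
```

A 'lookalike' verdict is the one to block or escalate; 'unknown' only means the host is not on the allowlist, which is the case for the redirector domain in this campaign.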