Researchers at cybersecurity company Malwarebytes have discovered that Microsoft’s AI-powered Bing Chat responses are reportedly serving malicious ads with phishing links that spread malware.
According to the researchers, scammers are using ‘malvertising’ to trick unsuspecting Bing Chat users searching for legitimate software downloads into visiting malicious sites and installing malware directly from a Bing Chat conversation.
For those unaware, in February 2023, Microsoft introduced Bing Chat, an artificial intelligence (AI) chatbot experience based on OpenAI’s GPT-4, integrated into the search engine. Bing Chat aimed to make online searches more intuitive and user-friendly by providing users with an interactive chat-based experience similar to how humans would answer questions to a search query.
Further, in March 2023, the Redmond giant started injecting ads as part of its efforts to monetize the chatbot and earn revenue for this new platform. However, this move also opened the door to threat actors who opted for malvertising tactics and distributed malware.
“Ads can be inserted into a Bing Chat conversation in various ways. One of those is when a user hovers over a link and an ad is displayed first before the organic result,” wrote Jerome Segura, Director of Threat Intelligence at Malwarebytes, in a blog post.
To test the Bing Chat, Malwarebytes researchers asked a simple query: “I would like to download advanced IP scanner”. To this, the AI-powered chatbot responded by saying, “You can download Advanced IP Scanner from their official website,” and displayed a link to download it in the chat.
When the researchers hovered over the link, they discovered that the first and most prominent link that showed up was the malicious ad pointing to a fraudulent link, while the second link provided by the chatbot was the original download link.
“Users have the choice of visiting either link, although the first one may be more likely to be clicked on because of its position. Even though there is a small ‘Ad’ label next to this link, it would be easy to miss and view the link as a regular search result,” Segura added.
In clicking the first link, the researchers found that users were redirected to a website (mynetfoldersip[.]cfd) whose purpose is to filter traffic and separate real victims from bots, sandboxes, or security researchers. The website code determines that by using the visitor’s IP address, time zone, and various other system settings, such as web rendering that identifies virtual machines.
Then, the human victims are redirected to a fake site (advenced-ip-scanner[.]com) that mimics the official one (advanced-ip-scanner[.]com), where they are tempted to click on “Free Download” to download the supposed installer, which contains malicious files.
According to Segura, the malicious actor hacked into the ad account of a legitimate Australian business and created two malicious ads, one aimed at duping network admins (Advanced IP Scanner) and another lawyers (MyCase law manager). With legitimate-looking landing pages, victims can easily be fooled into downloading malware.
“We recommend users pay particular attention to the websites they visit but also use a number of security tools to get additional protection,” Segura concluded.
Malwarebytes has reported the security incident and its findings to Microsoft, along with a few other related malicious ads.
“Our content policies prohibit advertising content that is deceptive, fraudulent or that can be harmful to users. We can confirm that this content has been removed and that the advertiser was blocked from our networks as part of our detection scan process,” a Microsoft spokesperson told The Register.
“We are continuing to monitor our ad network for similar accounts and will take action as needed to help keep customers protected. We will continue to apply this feedback into our detection mechanisms to improve our ability to detect and remove similar ads in the future.”
