Bing Chat Ads on Microsoft’s AI Platform Pose Malware Risk
Malwarebytes has uncovered a concerning security issue involving Microsoft’s Bing Chat.
Malicious ads are being distributed through this AI-powered chatbot, potentially leading users to dangerous websites and malware installations.
Key Takeaways:
- Bing Chat Vulnerability: Microsoft’s Bing Chat, which utilizes OpenAI’s GPT-4 language model, has become a platform for distributing malware via malicious ads.
- Malvertising Tactics: Threat actors have exploited Bing Chat’s ad integration to trick users into visiting compromised websites, where malware can be installed without their knowledge.
- Infiltration and Deception: The attackers have infiltrated the ad account of a legitimate Australian business, creating deceptive ads to lure users to malicious sites.
Malware Threat in Bing Chat
Malwarebytes has uncovered a concerning threat within Microsoft’s Bing Chat, an AI-driven interactive search experience introduced by the tech giant in February 2023.
While Bing Chat aims to enhance user experiences, it has inadvertently become a breeding ground for malicious ads that distribute malware.
Malicious Ads in Conversations
Jérôme Segura, Director of Threat Intelligence at Malwarebytes, explains that threat actors can insert ads into Bing Chat conversations through various means.
In one such method, hovering over a link displays an ad first, ahead of the organic search result.
Real-Life Example
To illustrate this threat, a search in Bing Chat for legitimate software, Advanced IP Scanner, returned a link.
When users hover over this link, a malicious ad appears, pointing to a fraudulent site. Users who click the link are sent through a traffic direction system (TDS), which checks whether the request comes from a real human.
If confirmed, users are taken to a decoy page containing a rogue installer, the nature of which remains unknown.
The Role of Threat Actors
What’s particularly alarming is that threat actors managed to infiltrate the ad account of a legitimate Australian business to create these malicious ads.
This demonstrates how threat actors exploit search ads to redirect users to malicious sites, putting unsuspecting victims at risk of downloading malware.
Ongoing Security Concerns
These findings coincide with other security concerns in the digital realm. For instance, attacks on hotels, booking sites, and travel agencies involve stealing customer data via information-stealing malware and fake reservation pages.
Such attacks prey on victims’ urgency and trust.
Evolving Phishing Techniques
Phishing attacks continue to evolve. Threat actors are using techniques like ZeroFont, where a portion of the message body is written in a font with zero-pixel size, making it appear as though the email has passed security checks.
Such tactics aim to confuse recipients into believing phishing messages are trustworthy.
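A mail filter or analyst can surface ZeroFont text by separating what the recipient sees from what is styled with a zero font size. The Python code below is an added example, not code from Malwarebytes or the original report; the class and function names and the sample message body are constructed for illustration, and it assumes the size is set through an inline `style` attribute.

```python
import re
from html.parser import HTMLParser

FONT_SIZE = re.compile(r"\bfont-size\s*:\s*([^;]+)", re.I)
ZERO = re.compile(r"^0+(?:\.0*)?\s*(?:px|pt|em|rem|%)?\s*(?:!important)?$", re.I)
VOID = {"br", "img", "hr", "meta", "input", "link", "wbr", "area", "base", "col"}

class ZeroFontSplitter(HTMLParser):
    """Separates text a reader sees from text styled with a zero font size."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []                      # (tag, hidden) per open element
        self.visible, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:                      # no end tag, never holds text
            return
        inherited = bool(self.stack) and self.stack[-1][1]
        m = FONT_SIZE.search(dict(attrs).get("style") or "")
        # Simplification: any explicit non-zero size (even em or %) counts as visible.
        hidden = bool(ZERO.match(m.group(1).strip())) if m else inherited
        self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates unclosed children.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        hidden = bool(self.stack) and self.stack[-1][1]
        (self.hidden if hidden else self.visible).append(data)

def split_zero_font(html):
    """Return (visible_text, hidden_fragments) for one HTML message body."""
    p = ZeroFontSplitter()
    p.feed(html)
    p.close()
    visible = " ".join("".join(p.visible).split())
    return visible, [h.strip() for h in p.hidden if h.strip()]

# Constructed sample body, not taken from a real message.
SAMPLE = (
    '<html><body><span style="font-size:0px">Scanned and secured by Example Mail Filter</span>'
    '<p>Your mailbox is <b>almost full</b>. <a href="https://example.invalid/upgrade">Upgrade now</a></p>'
    '<div style="font-size: 0"><span>nested hidden</span>'
    '<span style="font-size:12px"> shown again</span></div></body></html>'
)
```

Any non-empty list of hidden fragments is worth flagging, since legitimate mail rarely needs readable sentences at zero size.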
Stay Vigilant
These discoveries emphasize that threat actors are constantly finding new ways to infiltrate unsuspecting targets. To stay safe online, users should avoid clicking on unsolicited links, especially those in urgent or threatening messages.
Additionally, verifying URLs for signs of deception is crucial to maintaining online security.
Conclusion
The presence of malware-laden ads in Microsoft’s Bing Chat is a reminder that online security threats persist and evolve. Vigilance and caution when interacting with digital content are paramount to staying safe in the digital landscape.
About the Company:
Malwarebytes is a leading cybersecurity company specializing in malware detection and prevention.