Bing Chat AI Responses Found to Contain Malicious Ads
Earlier this year, Microsoft began adding advertisements to conversations with its Bing Chat AI chatbot as a way to monetize the new platform. Now, researchers have discovered that malicious ads are being embedded in the chatbot’s responses, tricking users into downloading malware disguised as the popular utility Advanced IP Scanner.
Bing Chat, which is powered by OpenAI’s GPT-4 engine, was launched in February 2023 to challenge Google’s dominance in the search industry. By offering users an interactive chat instead of traditional search queries and results, Bing Chat aimed to make online searching more intuitive and user-friendly.
In March 2023, Microsoft started including ads in Bing Chat responses to generate revenue from the new platform. However, analysts at Malwarebytes have now warned that this feature has become dangerous. The malicious ads discovered by researchers are disguised as download links for Advanced IP Scanner, a tactic previously used by operators of the RomCom RAT and Somnia ransomware campaigns.
How the Malicious Ads Work
Researchers explain that if you ask Bing Chat where to download Advanced IP Scanner, the chatbot will display a download link in the chat. However, when you hover over the link, Bing Chat may first show an advertisement before the legitimate download link. In this case, the ad link was malicious and distributed malware.
Malicious Link in Chat
It turns out that unknown attackers hacked the advertising account of an unnamed Australian company to create two malicious ad campaigns targeting system administrators (with Advanced IP Scanner) and lawyers (with the MyCase manager).
Hackers’ Ad Campaigns
When a victim clicks on the ad offering to download Advanced IP Scanner, they are taken to the site mynetfoldersip[.]cfd, which separates bots from real users by checking IP address, time zone, and various system indicators. Victims are then redirected to a clone of the Advanced IP Scanner website (advenced-ip-scanner[.]com), which uses a typo in the address (“advenced” instead of “advanced”) to trick visitors.
Malware Delivery Chain
The installer MSI downloaded from this site contains three files, one of which is a heavily obfuscated malicious script that connects to an external resource to retrieve its payload.
Malicious Script
Unfortunately, Malwarebytes experts were unable to analyze the final payload for this malicious campaign, so it’s unclear exactly what type of malware is ultimately installed on the user’s machine.
Risks of Trusting AI Chatbots
Researchers note that interacting with an AI chatbot can give users an unwarranted sense of trust, convincing them to click on ads they might otherwise ignore in standard, impersonal search results. In their view, the integration of AI assistants could worsen the already existing problem of malicious ads in search engines.