Microsoft’s Bing Chat responses injected by ads pushing malware: Report

According to the cybersecurity company Malwarebytes, malicious ads appear to contain download links for the 'Advanced IP Scanner' utility, which has been exploited by ransomware operators earlier.

San Francisco: Cybersecurity researchers have discovered that malicious advertisements or harmful ads are now being distributed via Microsoft’s AI-powered Bing Chat responses, promoting fake download sites that spread malware, a new report has said.

According to the cybersecurity company Malwarebytes, malicious ads appear to contain download links for the ‘Advanced IP Scanner’ utility, which has been exploited by ransomware operators earlier.

“Ads can be inserted into a Bing Chat conversation in various ways. One of those is when a user hovers over a link and an ad is displayed first before the organic result,” said Jerome Segura, director of threat intelligence, Malwarebytes.

In February, Microsoft introduced its Bing Chat AI search assistant and a month later began injecting ads alongside it to generate revenue from this new platform. However, incorporating ads into Bing Chat has opened the door to hackers.

When the researchers asked Bing Chat how to download Advanced IP Scanner, it displayed a link to download it in the chat. When you hover over an underlined link in a chat, Bing Chat may display an advertisement before the legitimate download link. In this case, the sponsored link was a malware advertisement, the researchers explained.

Malvertizing campaigns are created by hackers who hack into the advertising accounts of legitimate Australian businesses and create ads that target system admins (IP scanner) and lawyers (MyCase law manager), the report said.

When users click on the malicious ad for the IP scanner, they are directed to a website (‘mynetfoldersip(.)cfd’) that distinguishes bots and crawlers from human victims by checking IP addresses, timezones, and various system indicators for sandbox/virtual machines. Victims are then redirected to ‘advanced-ip-scanner(.)com,’ a clone of Advanced IP Scanner that employs typosquatting to deceive visitors, according to the report.

“We recommend users pay particular attention to the websites they visit but also use a number of security tools to get additional protection,” the researchers advised.

Back to top button