Thursday, January 30, 2025

Hackers Inject Malicious Ads into GPT-4 Powered Bing Chat


In February 2023, Microsoft unveiled its revolutionary AI-assisted search engine, Bing Chat, driven by OpenAI’s cutting-edge GPT-4 technology. 

This announcement marked a notable event in the world of online search, sparking both curiosity and speculation about the potential shift in the search industry’s dynamics, long dominated by Google.

Given that tech giants derive a substantial portion of their revenue from advertising, it was no surprise that Microsoft introduced advertisements into the Bing Chat platform shortly after its launch.

However, as with any online ads, there comes an inherent risk.

Malvertising via Bing Chat Conversations

Bing Chat represents a unique approach to online searches, combining text and images to offer a distinctive user experience.


Within six months of its launch, Microsoft celebrated a remarkable achievement—over one billion chats conducted through the platform.

The incorporation of ads into Bing Chat conversations can occur in several ways. 


One method involves displaying an ad when a user hovers their cursor over a link, with the ad appearing before the organic search result. 

To illustrate this, let’s consider a scenario where a user is looking to download a program called “Advanced IP Scanner,” commonly used by network administrators. 

When the user hovers over the first sentence of their query, a dialog pops up, showcasing an ad alongside the official website for the software.

Users faced with this ad have the option to visit either the ad or the official link. However, the prominently positioned ad is more likely to attract clicks. 

While a small “Ad” label accompanies this link, it might be easily overlooked, leading users to perceive it as a regular search result.

Phishing Sites Distributing Malware

Clicking on the aforementioned ad directs users to a website that filters incoming traffic and distinguishes genuine victims from bots, sandboxes, or security researchers. 

It accomplishes this by analyzing factors such as IP address, time zone, and system settings like web rendering, which can reveal the use of virtual machines.

Real users are subsequently redirected to a counterfeit website (advenced-ip-scanner[.]com), diligently imitating the official one. 

Meanwhile, other visitors are sent to a deceptive landing page, luring them into downloading what appears to be a legitimate installer.

The MSI installer contains three files, only one of which is malicious: a heavily obfuscated script.

Upon execution, this script communicates with an external IP address (65.21.119[.]59), presumably for self-identification and the reception of additional malicious payloads.
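A defender can hunt for both indicators described above in web proxy logs. The following is an added example, not code from the article or from Malwarebytes: it flags hostnames within a small edit distance of a watchlisted download domain and connections to the reported IP. The official domain in the watchlist, the log format, the sample lines and all function names are assumptions made for illustration.

```python
# Assumption: watchlist of legitimate download domains used by the organisation.
# "advanced-ip-scanner.com" is assumed to be the official site; adjust locally.
OFFICIAL_DOMAINS = {"advanced-ip-scanner.com"}
# IP quoted in the article (defanged there, refanged here for matching).
IOC_IPS = {"65.21.119[.]59".replace("[.]", ".")}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host: str) -> str:
    """Naive last-two-labels reduction (assumption: no public-suffix handling)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(host: str, dest_ip: str, max_dist: int = 2) -> list:
    """Return the reasons, if any, that a connection deserves review."""
    reasons = []
    dom = registrable(host)
    if dom not in OFFICIAL_DOMAINS:
        for good in sorted(OFFICIAL_DOMAINS):
            if 0 < edit_distance(dom, good) <= max_dist:
                reasons.append(f"lookalike of {good}")
    if dest_ip in IOC_IPS:
        reasons.append("destination matches reported IP")
    return reasons

# Constructed proxy log lines, format: "timestamp client host dest_ip"
SAMPLE_LOG = """\
2025-01-01T10:01:02Z 10.0.0.5 www.advanced-ip-scanner.com 203.0.113.10
2025-01-01T10:02:10Z 10.0.0.7 advenced-ip-scanner.com 198.51.100.23
2025-01-01T10:03:44Z 10.0.0.7 - 65.21.119.59
2025-01-01T10:04:00Z 10.0.0.9 example.org 192.0.2.8
"""

def scan(log: str) -> list:
    """Return (client, host, reasons) for every log line that needs review."""
    hits = []
    for line in log.splitlines():
        _ts, client, host, dest_ip = line.split()
        reasons = classify(host, dest_ip)
        if reasons:
            hits.append((client, host, reasons))
    return hits
```

The same client appearing in both a lookalike hit and an IP hit suggests the installer was not only downloaded but executed.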

The Evolution of Search and the Persistence of Malicious Ads

Threat actors continue to exploit search ads as a means to redirect users to malevolent websites hosting malware. 

While Bing Chat presents a unique search experience, it still serves certain ads akin to those encountered during conventional Bing queries.

In this particular case, malicious actors compromised the ad account of a legitimate Australian business and created two malicious ads, one targeting network administrators (Advanced IP Scanner) and another aimed at legal professionals (MyCase law manager), according to the Malwarebytes report.


With convincing landing pages, victims can easily fall prey to downloading malware without suspecting foul play.

In light of these threats, it is essential for users to exercise caution when navigating websites and leverage various security tools to enhance their protection. 

This security incident, along with several other related malicious ads, has been reported to Microsoft in an ongoing effort to safeguard online users.


Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
