Sunday, November 10, 2024
HomeCyber Security NewsHackers Inject Malicious Ads into GPT-4 Powered Bing Chat

Hackers Inject Malicious Ads into GPT-4 Powered Bing Chat

Published on

Malware protection

In February 2023, Microsoft unveiled its revolutionary AI-assisted search engine, Bing Chat, driven by OpenAI’s cutting-edge GPT-4 technology. 

This announcement marked a notable event in the world of online search, sparking both curiosity and speculation about the potential shift in the search industry’s dynamics, long dominated by Google.

Given that tech giants derive a substantial portion of their revenue from advertising, it was only a matter of time before Microsoft introduced advertisements into the Bing Chat platform shortly after its launch. 

- Advertisement - SIEM as a Service

However, as with any online ads, there comes an inherent risk.

Malvertising via Bing Chat Conversations

Bing Chat represents a unique approach to online searches, combining text and images to offer a distinctive user experience.

Document
FREE Demo

Deploy Advanced AI-Powered Email Security Solution

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

Within six months of its launch, Microsoft celebrated a remarkable achievement—over one billion chats conducted through the platform.

The incorporation of ads into Bing Chat conversations can occur in several ways. 

malvertising

One method involves displaying an ad when a user hovers their cursor over a link, with the ad appearing before the organic search result. 

To illustrate this, let’s consider a scenario where a user is looking to download a program called “Advanced IP Scanner,” commonly used by network administrators. 

When the user hovers over the first sentence of their query, a dialog pops up, showcasing an ad alongside the official website for the software:

Users faced with this ad have the option to visit either the ad or the official link. However, the prominently positioned ad is more likely to attract clicks. 

While a small “Ad” label accompanies this link, it might be easily overlooked, leading users to perceive it as a regular search result.

Phishing Sites Distributing Malware

Clicking on the aforementioned ad directs users to a website that filters incoming traffic and distinguishes genuine victims from bots, sandboxes, or security researchers. 

It accomplishes this by analyzing factors such as IP address, time zone, and system settings like web rendering, which can reveal the use of virtual machines.

Real users are subsequently redirected to a counterfeit website (advenced-ip-scanner[.]com), diligently imitating the official one. 

Meanwhile, other visitors are sent to a deceptive landing page, luring them into downloading what appears to be a legitimate installer:

Within this MSI installer lies a trio of files, but only one of them is malicious—an intricately obfuscated script:

Upon execution, this script communicates with an external IP address (65.21.119[.]59), presumably for self-identification and the reception of additional malicious payloads.

The Evolution of Search and the Persistence of Malicious Ads

Threat actors continue to exploit search ads as a means to redirect users to malevolent websites hosting malware. 

While Bing Chat presents a unique search experience, it still serves certain ads akin to those encountered during conventional Bing queries.

In this particular case, malicious actors compromised the ad account of a legitimate Australian business, creating two malicious ads—one targeting network administrators (Advanced IP Scanner) and another aimed at legal professionals (MyCase law manager), reads Malwarebytes report.

malicious Ads

With convincing landing pages, victims can easily fall prey to downloading malware without suspecting foul play.

In light of these threats, it is essential for users to exercise caution when navigating websites and leverage various security tools to enhance their protection. 

This security incident has been reported to Microsoft and several other related malicious ads in an ongoing effort to safeguard online users.

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

CISA Warns of Critical Palo Alto Networks Vulnerability Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns organizations of a critical vulnerability...

Cisco Desk Phone Series Vulnerability Lets Remote Attacker Access Sensitive Information

A significant vulnerability (CVE-2024-20445) has been discovered in Cisco Desk Phone 9800 Series, IP...

Cisco Flaw Let Attackers Run Command as Root User

A critical vulnerability has been discovered in Cisco Unified Industrial Wireless Software, which affects...

Researchers Detailed Credential Abuse Cycle

The United States Department of Justice has unsealed an indictment against Anonymous Sudan, a...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

CISA Warns of Critical Palo Alto Networks Vulnerability Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns organizations of a critical vulnerability...

Cisco Desk Phone Series Vulnerability Lets Remote Attacker Access Sensitive Information

A significant vulnerability (CVE-2024-20445) has been discovered in Cisco Desk Phone 9800 Series, IP...

Cisco Flaw Let Attackers Run Command as Root User

A critical vulnerability has been discovered in Cisco Unified Industrial Wireless Software, which affects...