Microsoft’s Bing Chat has come under scrutiny due to a significant security concern – the infiltration of malicious ads.
Malwarebytes researchers have now demonstrated how unsuspecting users seeking software downloads can be tricked into visiting malicious websites and unwittingly downloading malware.
Bing Chat, an artificial intelligence (AI) interactive text and image application powered by OpenAI’s GPT-4 and debuted in February 2023, has achieved impressive engagement numbers. It recorded over one billion chats within just six months of its release, according to an advisory published by Malwarebytes on Thursday.
This rising popularity has attracted advertisers seeking to reach a vast user base, but this has also created a channel for potential abuse.
One of the methods used to introduce ads into Bing Chat conversations involves displaying an ad when a user hovers over a link preceding the organic search result. Despite a small “Ad” label next to these links, it’s easy for users to overlook this distinction, potentially leading them to click on deceptive ads disguised as legitimate search results.
The consequences of such deceptive ads are alarming. When users click on these links, they are directed to fake sites closely mimicking the official ones, or they are sent to decoy pages. The ultimate goal of these tactics is to lure victims into downloading an installer that appears harmless but actually harbors malicious elements. Malwarebytes confirmed it has observed these tactics in action.
According to the company, this incident serves as a stark reminder that online advertising remains a lucrative target for threat actors who aim to divert users to sites harboring malware. In this case, a legitimate Australian business had its ad account hacked, underscoring the need for constant vigilance in the ever-evolving digital landscape.
The security experts advised users to exercise caution while browsing and to employ security tools offering web protection, ad blocking and malware detection to enhance their online security.
The researchers also said they have reported this security breach to Microsoft, underlining the importance of staying proactive in safeguarding the online search and advertising environment.
Editorial image credit: rarrarorro / Shutterstock.com