Bing Chat Vulnerable to Malvertising: Fake Download Sites Distributing Malware
Malicious advertisements have infiltrated Microsoft’s AI-driven Bing Chat responses, and these ads are promoting counterfeit download websites that distribute malware. Bing Chat, powered by the formidable GPT-4 engine developed by OpenAI, was introduced by Microsoft in February 2023 with the goal of challenging Google’s supremacy in the search industry. It offers users an interactive chat-based experience, departing from the traditional search query and result format, in an effort to make online searches more intuitive and user-friendly.
In March, Microsoft initiated the practice of injecting advertisements into Bing Chat conversations to generate revenue from this novel platform. However, this introduction of ads into Bing Chat has inadvertently opened the door to malicious actors who are increasingly utilizing search advertisements as a means to disseminate malware.
Moreover, engaging in conversations with AI-powered chat tools can foster a sense of unwarranted trust, potentially convincing users to click on ads. This level of trust might not be present when quickly scanning impersonal search results. The conversational interaction can imbue AI-provided URLs with a misplaced sense of authority and trustworthiness, thus exacerbating the existing issue of malvertising within search platforms with the introduction of AI assistants.
It’s important to note that labeling these ads as “promoted results” when a user hovers over a link in Bing Chat conversations might be insufficient to mitigate the associated risks.
Malwarebytes researchers have identified malicious ads within Bing Chat that masquerade as download sites for the popular utility “Advanced IP Scanner.” This software has previously been exploited by operators of the RomCom RAT and Somnia ransomware. When a user inquires through Bing Chat about how to download Advanced IP Scanner, the chat interface provides a link for downloading it.
However, a critical concern arises when a user hovers over an underlined link in the chat. In such cases, Bing Chat may first display an advertisement, followed by the legitimate download link. In this instance, the sponsored link was, in fact, a malvertisement promoting malware.
The risky URL served in a Bing Chat conversation (Malwarebytes)
The malvertising campaign was executed by an individual who had gained unauthorized access to the ad account of a legitimate Australian business. Two malicious ads were created, targeting system administrators (with references to an IP scanner) and legal professionals (mentioning MyCase law manager).
Malicious ads created by the threat actor (Malwarebytes)
Clicking on the malicious ad related to the IP scanner directs users to a website with the URL ‘mynetfoldersip[.]cfd.’ This site employs techniques to differentiate between bots and human users by scrutinizing IP addresses, time zones, and various system indicators, including sandbox or virtual machine attributes. Subsequently, victims are redirected to ‘advenced-ip-scanner[.]com,’ a clone of Advanced IP Scanner that employs typosquatting tactics (note the inclusion of an extra ‘e’ in “advenced”) to deceive visitors.
The redirect chain (Malwarebytes)
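The typosquat in the redirect chain above (one extra letter in the vendor's name, plus a throwaway TLD on the first hop) is the kind of thing a download-URL check can flag before a user reaches the clone. The following is an added Python example, not code from Malwarebytes or from this article; it assumes advanced-ip-scanner.com is the legitimate vendor domain and uses a constructed list of low-reputation TLDs.

```python
from urllib.parse import urlsplit

# Assumed legitimate vendor domain(s) for the software in question (assumption, not from the article).
LEGITIMATE_DOWNLOAD_DOMAINS = {"advanced-ip-scanner.com"}

# Constructed list of TLDs to treat as a risk signal; .cfd is the one used by the lure site above.
LOW_REPUTATION_TLDS = {"cfd", "xyz", "top", "click"}


def registrable_domain(url: str) -> str:
    """Extract the host from a URL, accepting defanged '[.]' notation and bare hostnames."""
    url = url.replace("[.]", ".")
    if "//" not in url:
        url = "//" + url  # let urlsplit treat a bare host as the netloc
    host = urlsplit(url).hostname or ""
    return host[4:] if host.startswith("www.") else host


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character typosquats such as 'advenced'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess_download_url(url: str) -> dict:
    """Return allow/block/review for a download URL with the reasons that drove the verdict."""
    domain = registrable_domain(url)
    result = {"domain": domain, "verdict": "review", "reasons": []}
    if domain in LEGITIMATE_DOWNLOAD_DOMAINS:
        result["verdict"] = "allow"
        return result
    name, _, tld = domain.rpartition(".")
    if tld in LOW_REPUTATION_TLDS:
        result["reasons"].append(f"low-reputation TLD .{tld}")
    for good in LEGITIMATE_DOWNLOAD_DOMAINS:
        # Compare the label before the TLD so 'advenced-ip-scanner' is measured against 'advanced-ip-scanner'.
        dist = edit_distance(name, good.rpartition(".")[0])
        if 0 < dist <= 2:
            result["reasons"].append(f"lookalike of {good} (edit distance {dist})")
    if result["reasons"]:
        result["verdict"] = "block"
    return result
```

Pair this with an allowlist sourced from the software vendor rather than from a chat or ad result, since the page shows the sponsored link being presented ahead of the genuine one.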
The downloaded MSI installer comprises three files, one of which is a highly obfuscated malicious script. This script establishes a connection to an external resource to retrieve the final payload.
Malicious VBS in the downloaded MSI (Malwarebytes)
Regrettably, Malwarebytes was unable to ascertain the nature of the ultimate payload for this particular malware campaign. Consequently, it remains unclear what type of malware is being installed. In similar campaigns, threat actors often distribute information-stealing malware or remote access trojans that enable them to compromise other accounts or corporate networks.
The emergence of malvertising within Bing Chat conversations underscores the expanding scope of cyber threats, emphasizing the need for users to exercise caution when interacting with chatbot results and to diligently verify URLs before downloading any content.
Source: bleepingcomputer.com