In a concerning turn of events, Bing Chat, Microsoft’s AI chatbot, has come under scrutiny for reportedly displaying deceptive ads containing malicious links. Researchers at Malwarebytes have uncovered instances of ‘malvertising’ within Bing Chat, where scammers use ads to lure unsuspecting users to phishing sites that distribute malware. While Bing Chat introduced ads earlier this year as part of Microsoft’s monetization strategy, the presence of malicious ads on the platform has raised serious security concerns.
Bing Chat employs various methods to insert advertisements into conversations, including incorporating sponsored links into responses to user queries. When a user hovers over such a link, the ad appears as the top result, followed by the organic search result. According to the findings of Malwarebytes researchers, these sponsored links can sometimes direct users to phishing sites designed to deceive them into downloading malicious applications.
As an illustration, researchers requested download links for a well-known network management program called Advanced IP Scanner. While the chatbot provided the genuine download link as the second result, the sponsored link at the top of the search results redirected users to a counterfeit website resembling the official Advanced IP Scanner site. This fake site offered a malicious installer for download. Once the MSI installer was downloaded and run, its script attempted to connect to an external IP address to fetch the malicious payload.
Malwarebytes did not specify the exact nature of the malicious payload, leaving room for speculation. It could range from relatively harmless adware to more sinister threats like spyware or ransomware. Currently, it appears that Microsoft may not be thoroughly vetting the ads displayed on Bing Chat, or, if it is, that the vetting is vulnerable to circumvention by malicious actors. Malwarebytes has reported its findings to Microsoft, raising hopes that the company will take action to eradicate these dubious ads from Bing Chat for the sake of user security.
The situation highlights the importance of robust security measures and constant vigilance in the ever-evolving landscape of online threats. Users are advised to exercise caution when interacting with ads or links on Bing Chat and similar platforms, ensuring they verify the legitimacy of sources before downloading or clicking on any content.