Microsoft introduced its Bing Chat AI search assistant in February with the goal of improving user experiences, yet just months later began showing advertisements alongside search results in order to offset costs and cover maintenance. Unfortunately, security experts from Malwarebytes have identified malvertising campaigns within Bing Chat conversations; this article delves deeper into these malicious ads’ nature, function, and any risks they present to users.
Ads of Concern in Bing Chat
Malicious Ads Infiltrating Bing Chat Conversations: Malwarebytes reported that malicious advertisements have infiltrated Bing Chat conversations by various means. Often, when a user hovers the mouse over a link, an ad is shown before the organic search result.
User Involvement Is Essential: These ads have adverse consequences only if users interact with them. To be exposed, a user must click through the ad to a malicious site, which then redirects them. Once there, the risks range from attempts to obtain login credentials and malware downloads to exploitation of vulnerabilities on the user's computer.
Malwarebytes discovered that these malicious Bing Chat ads originated from a compromised ad account belonging to a legitimate Australian business. Two distinct malicious ads were involved: one targeted network administrators interested in the Advanced IP Scanner utility, and the other targeted lawyers looking for case management software such as MyCase.
Malicious ads use deceptive tactics to trick their targets. For instance, clicking on a deceptive link could send users to a website designed to identify potential victims while filtering out bots, sandboxes, and security researchers. Once identified as valid targets, users are taken to an innocuous-looking website that closely resembles the legitimate one and are encouraged to download a malicious installer.
Microsoft’s Response and Stand
Microsoft took immediate action upon learning of the issue. A Microsoft spokesperson assured that their content policies prohibit advertising that is deceptive or harmful to users; malicious content was removed and its advertiser banned from their networks, while they remain vigilant in monitoring for similar accounts in order to safeguard customers and ensure their safety.
MyCase, one of the companies targeted by these malicious ads, has reported being aware of the ad and is actively working to take down the malicious domain. The company has no reason to believe this incident compromised its data or systems or affected any customers in any way.
Impact and Unknown Payload Capacity
Malwarebytes discovered that these malicious advertisements were disguised as download sites for the popular ‘Advanced IP Scanner’ utility, which has previously been tied to cybercrime. Unfortunately, Malwarebytes researchers were unable to ascertain the final payload of this malware campaign; threat actors often use similar campaigns to distribute information-stealing malware or remote access trojans in order to compromise other accounts or corporate networks.
The presence of malicious ads in Microsoft’s Bing Chat AI search assistant illustrates the expanding reach of cyber threats. Users should exercise caution when engaging with chatbot results and double-check URLs before downloading anything. While Microsoft’s quick action to remove such content was encouraging, this incident serves as a reminder of the ongoing need for robust security measures in today’s ever-evolving digital landscape – stay vigilant to protect both online safety and privacy!
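One way to automate the URL check recommended above, as an added example that is not part of the original article or Malwarebytes' research. The allowlist of official vendor domains is an assumption a defender would maintain, and every sample URL in the test data is constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: defender-maintained allowlist of official vendor domains.
OFFICIAL_DOMAINS = {"advanced-ip-scanner.com", "mycase.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(url: str, max_distance: int = 2) -> str:
    """Return 'official', 'lookalike' or 'unknown' for a download URL."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    # Naive registrable domain: last two labels (no public-suffix list).
    domain = ".".join(host.split(".")[-2:])
    if domain in OFFICIAL_DOMAINS:
        return "official"
    for good in OFFICIAL_DOMAINS:
        brand = good.rsplit(".", 1)[0]
        # Typo of an official domain, or the brand name embedded in a
        # host that the vendor does not own.
        if edit_distance(domain, good) <= max_distance or brand in host:
            return "lookalike"
    return "unknown"


def flag_downloads(urls):
    """Map each URL that is not on the allowlist to its classification."""
    return {u: c for u in urls if (c := classify(u)) != "official"}


# Constructed sample URLs, e.g. taken from a proxy log before a download.
SAMPLES = [
    "https://www.advanced-ip-scanner.com/download/",
    "https://advancd-ip-scanner.com/setup.exe",
    "https://mycase.login-portal.example/",
    "https://example.org/file.zip",
]

if __name__ == "__main__":
    for url, verdict in flag_downloads(SAMPLES).items():
        print(f"{verdict:10} {url}")
```

A "lookalike" verdict is a prompt to stop and verify the source, not proof of malice; an "unknown" verdict only means the domain is not on the allowlist.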