Microsoft’s Bing Chat has come under scrutiny due to a significant security issue: malicious ad infiltration.
Malwarebytes researchers have demonstrated how unsuspecting users looking to download software can be tricked into visiting malicious websites and unintentionally downloading malware.
Bing Chat, an interactive artificial intelligence (AI) text and image app powered by OpenAI’s GPT-4 and launched in February 2023, has achieved impressive engagement numbers. It recorded more than 1 billion discussions in just six months after its release, according to a review published Thursday by Malwarebytes.
This growing popularity has attracted advertisers looking to reach a large user base, but it has also created a potential channel for abuse.
One method used to introduce ads into Bing Chat conversations is to display an ad when a user hovers over a link preceding the organic search result. Despite a small “Ad” label next to these links, it’s easy for users to overlook this distinction, potentially leading them to click on deceptive ads disguised as legitimate search results.
Learn more about AI chatbot security: New ChatGPT attack technique spreads malicious packages
The consequences of these misleading advertisements are alarming. When users click on these links, they are directed to fake sites that faithfully imitate the official sites, or to decoy pages. The ultimate goal of these tactics is to trick victims into downloading an installer that appears harmless but actually contains malicious elements. Malwarebytes has confirmed that it has observed these tactics in action.
According to the company, this incident is a stark reminder that online advertising remains a lucrative target for malicious actors who aim to divert users to sites hosting malware. In this case, the advertising account of a legitimate Australian business was hacked, highlighting the need for constant vigilance in an ever-changing digital landscape.
Security experts have advised users to exercise caution while browsing and use security tools that offer web protection, ad blocking, and malware detection to improve their online safety.
The researchers also said they reported this security breach to Microsoft, emphasizing the importance of remaining proactive in protecting the online search and advertising environment.
Editorial image credit: rarrarorro / Shutterstock.com