A recent report from Malwarebytes researchers has revealed that users of Bing Chat, Microsoft’s GPT-4-powered search engine, are being targeted with ads that lead to malware. According to the researchers, searching for popular software such as Advanced IP Scanner or MyCase may result in an infection.
To investigate this issue, Malwarebytes researchers conducted a test using Bing Chat. They entered a simple query for “download Advanced IP Scanner” and received a response from Bing Chat, stating that the software could be downloaded from its official website. However, when they hovered over the provided link, a dialog box appeared, showing an ad for a malicious site above the link to the official website.
The researchers observed that users could visit either link, but the ad was positioned so that it was more likely to be clicked. Although a small “Ad” label appeared next to the link, the label could easily be overlooked and the ad taken for a regular search result. Jérôme Segura, the Sr. Director of Threat Intelligence at Malwarebytes, emphasized the potential for users to mistakenly click on the ad, stating that “it would be easy to miss and view the link as a regular search result.”
Clicking on the link in the ad redirected victims to a site that performed checks to determine if they were a bot, a sandbox, a security researcher, or a regular human user. Only regular human users were then redirected to a fake site with the domain advenced-ip-scanner[.]com, while others were shown a decoy site.
Upon reaching the fake site, potential victims were prompted to download an installer that contained three files, including a heavily obfuscated malicious script. When the installer was run, the script connected to an external IP address and retrieved an additional payload.
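The fake domain described above differs from the product's name by a single character, which a defender can catch by comparing requested domains against an allowlist of official download sites. The following is an added example, not code from the Malwarebytes report or this article; the allowlisted official domain, the proxy-log format, the sample log lines and all function names are assumptions made for illustration.

```python
# Assumption: allowlist of official download domains, maintained by the defender.
OFFICIAL_DOMAINS = {"advanced-ip-scanner.com"}

# Constructed proxy-log lines (timestamp, client, method, host, path).
SAMPLE_LOG = """\
2024-01-01T10:01:02Z 10.0.0.5 GET www.advanced-ip-scanner.com /download/
2024-01-01T10:03:17Z 10.0.0.9 GET advenced-ip-scanner[.]com /
2024-01-01T10:04:40Z 10.0.0.7 GET example.org /index.html
"""

def refang(host):
    """Normalise a possibly defanged hostname for comparison."""
    return host.replace("[.]", ".").lower().rstrip(".")

def registrable(host):
    """Naive last-two-labels cut; use a public suffix list in production."""
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host, max_distance=2):
    """Return (verdict, matched official domain or None) for one hostname."""
    dom = registrable(refang(host))
    if dom in OFFICIAL_DOMAINS:
        return "official", dom
    for good in sorted(OFFICIAL_DOMAINS):
        if edit_distance(dom, good) <= max_distance:
            return "lookalike", good
    return "unrelated", None

def scan(log_text):
    """Return (client, requested domain, imitated domain) for lookalike hits."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines
        verdict, target = classify(fields[3])
        if verdict == "lookalike":
            hits.append((fields[1], registrable(refang(fields[3])), target))
    return hits
```

Calling `scan(SAMPLE_LOG)` returns the one client that requested the lookalike domain, along with the official domain it imitates.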
The use of malicious ads served by search engines has become a popular method for threat actors to deceive users into downloading malware. This year, there has been a significant increase in malvertising via Google Ads, which has been used to deliver malicious payloads such as LOBSHOT, an infostealer/remote access trojan.
Microsoft’s decision to introduce ads into Bing Chat shortly after its release does not come as a surprise, considering that tech giants primarily generate revenue from advertising. However, as mentioned by Segura, online ads inherently carry a risk. This incident serves as a reminder that users should exercise caution when interacting with ads, even on reputable platforms like Bing Chat.
In conclusion, the recent findings by Malwarebytes researchers highlight the presence of ads leading to malware on Bing Chat. Users searching for popular software may unknowingly click on ads that redirect them to malicious sites. This incident underscores the need for increased vigilance when interacting with online ads and serves as a reminder that even well-known platforms are not immune to the risks associated with malicious advertising.

