Malwarebytes researchers conducted a test on Bing Chat by typing a simple query: “download advanced IP scanner.”
Within the Bing Chat conversation, a problematic link was discovered, as shown in the image from Malwarebytes.
Users had the option to click on either of the two links, although the first one was more likely to be clicked due to its prominent position. Despite a small “Ad” label next to this link, it was easy to overlook, making it appear as a regular search result. This observation was pointed out by Jérôme Segura, the Senior Director of Threat Intelligence at Malwarebytes.
If someone clicked on the link in the ad, they were directed to a website that checked whether they were a bot, a sandbox, a security researcher, or a regular human user. Only regular human users were redirected to a fake site (advanced-ip-scanner[.]com), while the rest were shown a deceptive site.
At this stage, potential victims were prompted to download an installer, which contained three files, one of which was a heavily obfuscated malicious script. When the installer was executed, the script connected to an external IP address and retrieved an additional harmful payload.
Using malicious ads through search engines has become a common tactic for cyber threat actors to deceive users into downloading malware. This year has witnessed a significant increase in malvertising through Google Ads to deliver malicious payloads like LOB SHOT, which is an info stealer and remote access trojan.
Microsoft introduced ads into Bing Chat shortly after its launch, which is not surprising considering that tech giants generate a major portion of their revenue from advertising. However, online ads inherently come with associated risks, as pointed out by Segura.
: Bing Chat Adds May Be Directing You to Malicious LinksWe must stay diligent in making sure we are educating all of our employees to make sure we do not click on links we do not recognize! This can lead to breaches that may result in downtime for business among other things. Please reach out to your Veroot Cyber team if you have any questions!