Malicious actors have found a new way to slip harmful links into X’s promoted posts by tricking Grok, the platform’s AI assistant.
Although X explicitly bans links in paid promotions to curb malvertising, scammers now harness Grok’s content amplification to “grok” these URLs into wide circulation.
AI Bypass Sparks New Threat
X prohibits any URLs in promoted posts, aiming to stop fraudulent schemes and phishing campaigns. Yet, cybercriminals have discovered that Grok can still identify, summarize, and suggest external sites when prompted in replies.
By asking Grok questions about an innocuous-looking promoted image, scammers nudge the AI to reference a malicious domain in its reply. Once Grok mentions the link, thousands of users view it as credible because it comes from X’s official AI.
How “Grokking” Works
- Crafted Promoted Post
Scammers create a promotional tweet with eye-catching visuals but without direct URLs. This avoids X’s automated ad filters. - Comment and Prompt
In the replies, they post a query such as “@Grok what’s the source of this pic?” or “Grok, share video link!” - Grok’s Response
Grok analyzes the image and, lacking direct restriction awareness for promoted content, suggests the malicious domain, complete with enticing teaser text. - Viral Spread
Followers retweet the AI’s reply. Because the link appears to come from Grok, users assume it’s safe, driving huge click volumes.
Security researchers report campaigns driving tens of millions of views to adult or phishing sites in just days.
One example saw a promoted post about a harmless image rack up 4.3 million views. When users asked Grok for the source, the AI pointed to “datingprudethimble.com”—a known malvertising front—resulting in a sharp spike in visits.
The term “Grokking” has emerged to describe this tactic: using Grok to amplify links that X’s policies should block.
Scammers relish the challenge of outsmarting platform safeguards, and Grokking represents a clever new frontier in ad-based cybercrime.
X’s leadership acknowledges the loophole but insists on refining AI safeguards rather than disabling Grok entirely.
The company is rolling out updates to prevent the AI from suggesting domains flagged for malice or spam. However, until these fixes fully take effect, users remain vulnerable.
For everyday users, the advice is clear: treat AI-sourced links with the same caution as unknown emails or messages.
Do not click on suspicious domains promoted through AI replies. Always verify links independently and report any ads that seem to bend the rules. Until X closes the Grokking loophole, vigilance is the best defense against this emerging threat.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
Source link
