A new cyber-attack, dubbed “Grokking,” is exploiting features on the social media platform X to spread malicious links on a massive scale.
Scammers are manipulating the platform’s advertising system and its generative AI, Grok, to bypass security measures and amplify harmful domains. This technique turns X’s own tools into unwilling accomplices in a widespread malvertising scheme.
According to GuardioSecurity researcher Nati Tal, the attack begins with malware promoting “video card” posts, which often use explicit or sensational “adult” content to lure users.
While X’s policies aim to combat malvertising by disallowing links in promoted content, these attackers have found a critical loophole.
The malicious link is not placed in the main body of the post but is instead embedded in the small “From:” field located beneath the video player.
X’s automated security scans seem to miss this area. As a result, posts can spread widely and get anywhere from 100,000 to over 5 million paid impressions.
The second stage of the attack leverages the platform’s AI assistant, Grok. Curious users, seeing the often anonymous and intriguing videos, frequently turn to Grok to ask for the source.
In its effort to provide a helpful answer, the AI scans the post for information and extracts the domain name from the “From:” field.
Grok then presents this malicious link directly to the user in its reply. For instance, when asked about a video’s origin, Grok has been observed responding with links to suspicious domains, Nati Tal said.
This process effectively “Grokks” the malicious link, not only delivering it to inquisitive users but also amplifying its visibility and perceived legitimacy.
By having the platform’s own AI reference the domain, the scammers may benefit from enhanced SEO and a strengthened reputation for their harmful sites, making them seem more trustworthy to unsuspecting users.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
Source link
