Users of Bing Chat, the GPT-4-powered search engine Microsoft introduced earlier this year, are being targeted with ads leading to malware.
According to Malwarebytes researchers, searching for Advanced IP Scanner (network-scanning software) or MyCase (legal case management software) may result in an infection.
Pushing malware via Bing Chat ads
Malwarebytes researchers tested Bing Chat with a simple query: “download advanced IP scanner”.
Bing Chat responded by saying that “You can download Advanced IP Scanner from their official website,” but hovering over the link opened a dialog box where an ad for a malicious site is shown above the link to the official website.
The malicious link within the Bing Chat conversation. (Source: Malwarebytes)
“Users have the choice of visiting either link, although the first one may be more likely to be clicked on because of its position. Even though there is a small ‘Ad’ label next to this link, it would be easy to miss and view the link as a regular search result,” noted Jérôme Segura, sr. director of threat intelligence at Malwarebytes.
Clicking on the link in the ad takes victims first to a site that checks whether they are a bot, a sandbox, a security researcher or just a regular human user.
Only the latter are then redirected to a fake site (advenced-ip-scanner[.]com) – the rest are shown a decoy site.
At this point, potential victims are prompted to download the installer, which contains three files, one of which is a heavily obfuscated malicious script. When the installer is run, the script connects to an external IP address and retrieves an additional payload.
Malvertising through search engines
Using malicious ads served by search engines is a popular way for threat actors to trick users into downloading malware.
This year has seen a significant jump in malvertising via Google Ads to deliver malicious payloads such as LOBSHOT, an infostealer/remote access trojan.
“Considering that tech giants make most of their revenue from advertising, it wasn’t surprising to see Microsoft introduce ads into Bing Chat shortly after its release. However, online ads have an inherent risk attached to them,” Segura noted.