Users of Microsoft Bing Chat who search for software downloads can be easily duped into visiting dubious websites that install malware instead of the promised product.
When a user hovers over the link offered by Bing Chat, the AI-powered chatbot may display both the official website for the product and a potentially harmful ad, according to a Malwarebytes blog post.
It provides the user with the option of visiting either link. However, because the malicious ad link appears above the official page, people may be more inclined to click on it despite the small “Ad” mark next to it.
It gave an example of asking Bing Chat for a download link to Advanced IP Scanner, however, the first link displayed was a fraudulent advertisement for “IP Scanner for Network.”
Users are directed to a website that filters traffic to distinguish genuine victims from bots, sandboxes, and security researchers by verifying their IP address, time zone, and numerous system parameters.
After screening out undesirable traffic, victims are led to a bogus website that looks exactly like the legitimate Advanced IP Scanner website.
It includes a link to an installation that includes three files. Only one of them, however, is malicious and is a complex script.
When the script is run, it connects to an external IP address, most likely to request an additional payload.
“We recommend users pay particular attention to the websites they visit but also use a number of security tools to get additional protection,” stated Malwarebytes.
Bing AI now adds hyperlinks to text when responding to user inquiries, and these linkages are occasionally paid adverts. When Malwarebytes asked Bing AI how to get Advanced IP Scanner, it was directed to a fraudulent domain rather than the genuine page.
While Microsoft does place a small ad label next to the link, it is easy to miss, and an uninformed user will not think twice about opening the link and downloading a file that could damage their machine.
In this case, the ad launched a bogus URL that screened traffic and sent genuine users to a bogus website that resembled the legitimate Advanced IP Scanner website. When the executable installer is started, the script attempts to connect to an external IP address.
While this was only one example, anyone with a Microsoft ad account and a marketing campaign can take advantage of it. Microsoft does not appear to be verifying campaigns after they are submitted to ensure they match the criteria and do not target users.
