Researchers have discovered a new phishing campaign that exploits Microsoft’s Bing Chat to promote malicious URLs. The attackers create malicious ads through legitimate businesses’ ad accounts so that the ads rank higher and appear in Bing Chat responses to lure victims.
Bing Chat May Show Malicious Ads
According to a recent report from Malwarebytes Labs, Microsoft’s Bing Chat is inadvertently serving as a malware distributor by showing malicious ads. While the technology is legit, threat actors have likely meddled with its advertising features to display their malicious URLs in Bing Chat responses.
Bing Chat is a recent technology from Microsoft that leverages ChatGPT to provide users with AI-powered search results, including sponsored links or ads. The tech giant rolled out this feature earlier this year with the Microsoft Edge browser and Bing Search.
As explained, the Malwarebytes team entered a search query about downloading the “Advanced IP scanner” into Bing Chat. In response, they found an advertisement URL as the top suggested result, followed by the tool’s official website. Given the ad’s top placement, an average user is more likely to click it, which puts users’ security at risk.
Clicking on the link would redirect the user to a temporary web page (mynetfoldersip[.]cfd) that checks whether the incoming request comes from a genuine user, using various parameters such as time zone, system settings, etc. If it detects a sandbox, a bot, or a virtual machine instead, the web page redirects to a decoy page.
For genuine users, the web page would redirect to a phishing website (advenced-ip-scanner[.]com), mimicking the Advanced IP Scanner’s official site. This phishing website lures the victims into downloading the MSI installer, which triggers the malware infection.
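A defender-side check for the lookalike domain described above, as an added example that is not taken from the Malwarebytes report: it refangs an indicator and compares the host against a list of official download domains by edit distance. The `OFFICIAL_DOMAINS` entry, the function names and the distance threshold are assumptions of this example.

```python
import re

# Assumption: the vendor's official download domain (the article does not state it).
OFFICIAL_DOMAINS = ["advanced-ip-scanner.com"]

def refang(indicator):
    """Turn a defanged indicator or URL into a bare lowercase hostname."""
    s = indicator.strip().lower().replace("[.]", ".")
    s = re.sub(r"^[a-z]+://", "", s)           # drops http://, https://, hxxp://
    host = s.split("/")[0].split(":")[0]       # drop path and port
    return host[4:] if host.startswith("www.") else host

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute,
    and swap of two adjacent characters each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]

def classify(indicator, max_distance=2):
    """Return (verdict, host, imitated_domain) for a clicked or logged host."""
    host = refang(indicator)
    if host in OFFICIAL_DOMAINS:
        return ("official", host, None)
    for good in OFFICIAL_DOMAINS:
        # A near miss of an official name is the typosquat pattern.
        if edit_distance(host, good) <= max_distance:
            return ("lookalike", host, good)
    return ("unrelated", host, None)

if __name__ == "__main__":
    # Indicators as written in the article, plus the assumed official URL.
    for ioc in ("mynetfoldersip[.]cfd", "advenced-ip-scanner[.]com",
                "https://www.advanced-ip-scanner.com/download/"):
        print(ioc, "->", classify(ioc))
```

The first-hop redirector mynetfoldersip[.]cfd comes back as unrelated because it does not resemble the brand, so a check like this belongs on the final landing host of a click rather than on the ad URL alone.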
To run this campaign, the threat actors compromised the ad account of a legitimate Australian business to create fake ads.
The researchers warn users to stay vigilant when clicking on any URLs and downloading files, and to equip their devices with robust anti-malware to fend off known cyber threats.