Microsoft’s Bing Chat AI search assistant has been discovered to be serving up malicious ads to users.
Bing Chat was first introduced in February this year and began serving ads a month later to help cover costs. However, incorporating ads into the platform has opened the door to threat actors, who have been purchasing advertisement to distribute malware. The ads are usually displayed before the organic search results, which increases the likelihood of the victim clicking on them. One of the malicious ads is a typo-squat of the advanced IP scanner and attempts to get the user to download and run a malicious installer. That malicious ad was served via the Microsoft advertising platform from a legitimate but compromised ad account. Microsoft have said that their content policies prohibit advertising content that is deceptive and that ad has since been removed. They are also continuing monitoring their ad network and will take action as needed to help keep customers protected. This incident has highlighted the need for users to be wary of chatbot results and to always double check URLs before downloading anything.
https://thehackernews.com/2023/09/microsofts-ai-powered-bing-chat-ads-may.html
https://www.theregister.com/2023/09/29/microsoft_bing_chat_malware/
https://www.bleepingcomputer.com/news/security/bing-chat-responses-infiltrated-by-ads-pushing-malware/
This segment was created for the It’s 5:05 podcast