Microsoft’s AI-driven search tool, Bing Chat, has been found to have vulnerabilities that allow for the integration of malicious ads. Users may unknowingly be redirected to phishing sites when clicking on these ads, leading to the download of malware onto their systems. Malwarebytes has alerted Microsoft to these issues, but no action has yet been taken.
Review of Bing Chat’s Vulnerability to Malicious Ads
Microsoft’s AI-driven search tool, Bing Chat, integrated with OpenAI’s GPT-4, has been flagged for the presence of malicious ads within its interface, as highlighted in a detailed advisory by Malwarebytes.
Users need to exercise caution: searching for software downloads through Bing Chat can lead them to deceptive websites that download malware onto their systems.
This alarming process unfolds as follows:
In the Bing Chat interface, ads are presented ahead of the search results when users hover over certain links.
While these links are designated with the ‘Ad’ label, their discreet positioning may foster the perception that they are legitimate search results.
Disconcertingly, clicking on these ads can unexpectedly redirect users to phishing sites that have been cleverly designed to closely resemble official platforms.
These convincing sites then prompt users to download seemingly trustworthy installers. In reality, these installers carry harmful payloads and deliver malware while the user believes they are dealing with a safe source.
Researchers at Malwarebytes detailed an incident in which a genuine Australian business’s ad account was compromised. Using the hacked account, malicious actors succeeded in placing two deceptive ads aimed at professionals such as network administrators and lawyers. This emphasizes the enduring appeal of advertising for cybercriminals due to its broad reach and significant impact.
It’s worth noting that vulnerabilities within Bing Chat’s platform have been reported to Microsoft by Malwarebytes, but a response from Microsoft is yet to be seen.
AI's involvement in fraud and cybersecurity is a double-edged sword: it supports cybersecurity professionals and also facilitates cybercriminal activities.
Source: DailyAI
Action items from meeting notes:
1. Investigate and address the vulnerabilities in Bing Chat’s platform that allow integration of malicious ads.
2. Develop measures to ensure that users are not easily deceived into accessing malicious websites through the Bing Chat interface.
3. Improve the labeling and visibility of ads within the Bing Chat interface.
4. Implement stricter measures to prevent compromised ad accounts from being used to place deceptive ads.
5. Collaborate with Malwarebytes to address the vulnerabilities and come up with effective solutions.
6. Take immediate action to address the vulnerabilities and protect users from downloading malware through deceptive installers.
7. Enhance fraud and cybersecurity measures in the AI-driven search tool, Bing Chat.
8. Communicate and update Microsoft’s response to the vulnerabilities identified by Malwarebytes.