Bing Chat, like other big tech products, makes some money from advertising. It’s not necessarily a bad thing, and most of us are pretty used to the practice at this point. But just as with search engines, some of these ads aren’t legitimate. In fact, some are malicious, with the ultimate goal of tricking you into installing malware on your computer.
Bing Chat can serve malicious ads
Malwarebytes Labs discovered malicious ads being served during Bing Chat conversations. “Malvertising,” as the practice is sometimes known, wasn’t on many of our radars when testing out Microsoft’s AI chatbot, but it’s good to be aware of going forward. While generative AI has a lot to offer, you don’t want it to be another vehicle for malware and malicious activity in your life. (There’s already enough of that to deal with in daily digital life.)
For example, Malwarebytes told Bing Chat they wanted to download a program called “Advanced IP Scanner.” The first sentence of Bing Chat’s response was, “You can download Advanced IP Scanner from their official website,” which was hyperlinked. Presumably, the link takes you to the official website to download the program in question. However, when the team hovered over the link, an ad appeared above the real link.
Again, not necessarily a malicious thing: Companies pay for search engines like Bing to float their products to the top of a search, so if you’re looking for a specific IP scanner, another company may want to convince you to try theirs.
Unfortunately, this isn’t a case of fair market competition. This particular link takes you to a site that first makes sure you’re a real person by verifying your IP address, location, and other information about your setup. (Why bother trying to scam a bot, after all?) If the site decides you’re a human, congrats: Your prize is a redirection to a fake IP scanner site that impersonates the one you’re trying to get to. True to malicious form, this site then convinces you to download the installer for the IP scanner, which, of course, contains the malware.
When I tried a similar search, Bing didn’t offer me an ad alongside the official link, which is good. But that doesn’t mean this issue won’t happen again, or with a different product altogether.
How to avoid malicious ads
While there are still unknown elements to this malware campaign, it’s a good reminder that bad actors are constantly looking for new ways to steal your data and leech on your systems.
Whether you’re using Bing Chat or simply trying to Google something, remember that bad actors love to impersonate legitimate companies and services with malicious ads. As such, it’s good practice to avoid clicking on ads whenever possible. If you want to click on a Bing Chat link going forward, take the extra second to check whether you’re clicking the link Bing generated, or the link delivered as an ad. (The latter will have an “ad” branding below it.)
from Lifehacker https://ift.tt/J7fvBks