Bing AI Chat Responses Hijacked by Malvertising

Malicious advertisements, known as malvertising, have made their way into Microsoft’s Bing Chat AI-powered search engine. Responses from the chatbot may include links to deceptive domains that effectively trick the user into downloading malware.

Microsoft introduced Bing Chat, which is powered by OpenAI's GPT-4 engine, in February 2023. However, the integration of ads into Bing Chat in March has opened the door to malvertisers.

The method behind malvertising is relatively straightforward but highly effective. Hackers strive to deceive ad networks into displaying seemingly legitimate ads that harbor malicious payloads. These deceptive ads often masquerade as software downloads, streaming services, or cryptocurrency-related tools to lure unsuspecting users.

Traditionally, malvertising has plagued mainstream search engines like Google and Bing despite efforts by these tech giants to maintain the integrity of their search results. However, the emergence of Bing Chat, with its AI-driven responses, has marked a shift in the landscape.

When Malwarebytes researchers asked Bing Chat where they could download a program called Advanced IP Scanner, they received a link that redirected them to a site with a deceptive domain, "advenced-ip-scanner[.]com." This subtle alteration (an “e” instead of an “a”), known as typosquatting, could easily go unnoticed by unsuspecting users.

The fake site was designed to mirror the official Advanced IP Scanner page, and encourages users to download the installer. However, as you’d expect, this installer contains a malicious payload.

While Bing Chat offers a unique search experience, it remains susceptible to the same deceptive ads found in traditional Bing queries. Users should always exercise caution when encountering ads in AI-powered chatbots and conventional search results. Scrutinizing ads and double-checking web addresses are essential tactics to avoid falling victim to malicious advertising.