• by Laurie Sullivan  @lauriesullivan, September 29, 2023

Hackers have found another avenue to push malware into online advertisements. The Microsoft Bing Chatbot powered by artificial intelligence (AI) is being injected with malicious ads that promote fake download sites to distribute malware.

It’s the latest in a series of doors that have opened for hackers and bad actors as companies like Microsoft and Google incorporate advertising into their respective chatbot platforms.

This shows how users searching for software downloads can be tricked into visiting malicious sites and installing malware directly from a Bing Chat conversation. 

Bing Chat, powered by OpenAI's GPT-4 engine, was introduced by Microsoft in February 2023. It then added ads in March. Malwarebytes Labs shortly after identified malicious ads pretending to be a site for the popular Advanced IP Scanner utility.

The researchers found that when someone asked Bing Chat how to download the Advanced IP Scanner utility, it would display a link to download it in the chat. 

That link in the chat may show an advertisement first, followed by the legitimate download link, but in this case the sponsored link pushed malware.

“While Bing Chat is a different search experience, it serves some of the same ads seen via a traditional Bing query,” Jerome Segura, senior director of threat intelligence, wrote in the blog post.

Clicking on the malicious ad for the IP scanner took users to a website that separates bots and crawlers from humans by checking the IP address, time zone, and other system indicators.

Humans are then redirected to a clone of the Advanced IP Scanner utility site that uses typosquatting to mislead visitors.

The MSI installer contains three files, but only one is malicious and is a heavily obfuscated script that connects to an external resource. It reaches out to an external IP address to retrieve the payload.

“We recommend users pay particular attention to the websites they visit but also use a number of security tools to get additional protection,” Segura wrote.

This security incident was reported to Microsoft along with a few other related malicious ads.

.