Microsoft is currently under fire because of its chatbot Bing Chat. According to various sources, the chatbot has been pushing malware ads under search queries, which is a huge cyber threat to people who trust and use the tool.
Bing Chat, the AI-powered chatbot from Microsoft, has been caught up in a cybersecurity storm. Researchers from Malwarebytes have uncovered a concerning trend where hackers are exploiting Bing Chat’s ad-serving capabilities to expose users to malicious advertisements, putting their online safety at risk.
Even though Microsoft added advertisements to Bing Chat earlier this year as part of their efforts to monetize the service, the appearance of these malicious adverts is seriously jeopardizing user security.
Microsoft is under fire because of the recent ads on Bing Chat
By using a variety of strategies, such as inserting sponsored links into text responses to user questions, Bing Chat has successfully blended adverts into user interactions. Even though it might seem safe, experts have found a hidden risk. When consumers linger over these sponsored links, the advertisement appears before the natural search results, which could result in security flaws.
The Malwarebytes team ran a test to shed light on this problem. They requested download links for Advanced IP Scanner, a well-known network management application, via Bing Chat. Surprisingly, despite the chatbot’s second option being a genuine download link, the prominently displayed sponsored link at the top of the search results instead sent them to a phony website that looked like the actual Advanced IP Scanner website.
Bing Chat Enterprise is redefining business chatbots
“Upon clicking the first link, users are taken to a website (mynetfoldersip[.]cfd) whose purpose is to filter traffic and separate real victims from bots, sandboxes, or security researchers. It does that by checking your IP address, time zone, and various other system settings such as web rendering that identifies virtual machines,” said The Malwarebytes.”
This phony website allowed users to download a harmful installer. The installer attempted to connect to an external IP address when it was run in order to get a sneakily hidden harmful payload.
You can prevent these kinds of issues by using a VPN on public WiFi.
Decoding the malicious payload
The precise make-up of the harmful payload buried within these trick downloads is still unknown. Adware, which is generally safe, could be present, as well as more dangerous threats like spyware or ransomware. Currently, it appears that Microsoft’s control over the ads presented within Bing Chat is insufficient, leaving consumers vulnerable to the dangers of potentially harmful advertising.
Malwarebytes has duly reported its findings to Microsoft, sparking anticipation regarding the tech giant’s response. The crucial question now is whether Microsoft will take swift action to eradicate these dubious ads from Bing Chat, thereby ensuring user safety within its ad ecosystem. Only time will tell if Microsoft can address this issue and restore confidence in the security of its AI chatbot.
How to defend yourself against malicious ads
In light of this unsettling discovery, it’s essential for users to take proactive steps to protect themselves against malicious ads when using Bing Chat or any other online service. Here are some simple yet effective strategies:
- Stay informed: Keep yourself updated on the latest cybersecurity threats and trends. Awareness is your first line of defense.
- Verify links: Always double-check the legitimacy of links, especially those from sponsored ads. If something seems off or too good to be true, exercise caution.
- Use security software: Install reputable antivirus and anti-malware software on your device. Regularly update and scan your system to detect and remove any potential threats.
- Enable ad blockers: Consider using ad-blocking extensions or tools that can help filter out potentially harmful ads.
- Report suspicious activity: If you encounter any suspicious ads or websites while using Bing Chat or any online service, report them to the platform or service provider.
By taking these precautions, users can minimize the risks associated with malicious ads and navigate the digital landscape more securely.
Featured image credit: Rubaitul Azad/Unsplash
