Malicious Ads & Malware Invade Microsoft's Bing Chat - How to Be Safe

· 4 min read
Malicious ad served inside Bing's AI chatbot / Malwarebytes

Malicious advertisements are creeping into our digital lives at an alarming rate. The latest victim? Microsoft's Bing Chat, a seemingly innocent AI-driven search engine. Bing Chat, often called "the fresh face of Bing," is an AI-powered chatbot developed by Microsoft.

Bing Chat’s AI - Coming Soon to Your Mobile Browser!
Get ready to explore the magic of Microsoft’s AI-powered Bing Chat as it arrives on mobile browsers.

Microsoft released Bing Chat in February 2023 as a formidable challenger to Google's dominance in the search industry. This interactive chat-based experience aimed to revolutionize online searches, leaving the traditional search query and result format behind. Especially with new Google features like Bard AI, Search Generative Experience (SGE), Google Search Perspectives, etc.

To generate revenue, Microsoft introduced ads into Bing Chat conversations. This move, while financially savvy, opened Pandora's box. Enter threat actors, the nefarious forces behind malvertising. Something similar to this happened to Google search as well.

The Dark Side of Google Ads - How LOBSHOT Malware is Being Distributed
Stay one step ahead of LOBSHOT malware with our foolproof guide. Click to learn how to protect your business and ensure your peace of mind.

Malvertisers employ cunning tactics to trick ad networks into displaying seemingly harmless ads that are anything but. They impersonate legitimate software, streaming services, or tools related to cryptocurrency, creating a facade that's hard to distinguish from the real deal.

Malvertising's Migration to Bing Chat

Historically, malvertising has plagued search engines like Google and Bing search despite their best efforts to maintain clean search results. But the game changed with the introduction of Chat-GPT into Bing.

Legitimate Users Directed to Fake Site with Decoy Page and Download / malwarebytes

Let's take a closer look at a real-life scenario. Malwarebytes, a cybersecurity stalwart, asked Bing Chat for the "Advanced IP Scanner" tool. The result? A link that, upon closer inspection, led to "advenced-ip-scanner[.]com" (note the "e" instead of "a"). Clicking this link initiated the download of an installer designed to retrieve a malicious payload.

Malicious Script in MSI Installer: Reaches Out for Payload / malwarebytes

Behind this malicious campaign lies a sophisticated operation. Threat actors managed to infiltrate the ad account of a legitimate Australian business to disseminate these deceptive ads.

The Anatomy of a Malware Attack

Upon clicking the link, users are directed to a traffic direction system (TDS), which meticulously examines various parameters, including IP address, timezone, and system indicators. This scrutiny is aimed at distinguishing humans from bots, crawlers, or sandbox environments.

The Growing Threat of Malware - Daam and Predator Unmasked
Discover the dangers posed by Daam and Predator malware and find out how to defend against them.

The downloaded MSI installer contains a heavily obfuscated malicious script. Its purpose? To establish a connection with an external resource to retrieve the elusive payload. As of now, the nature of this malware remains a mystery, as Malwarebytes couldn't uncover the final payload.

Malicious Actor's Hacking Spree: Targeted Ads Creation

But the malvertising menace isn't confined to Bing Chat alone. Recent findings by Akamai and Perception Point unveiled a multi-step campaign targeting the hospitality sector.

How many Cyberattacks so far in 2023?

SonicWall's 2023 Cyber Threat Report shows that malware attacks surged since 2018. Ransomware attacks are also concerning, with 1,815 incidents in just the first six months of 2023.

In August 2023, several notable incidents occurred, including a massive breach that exposed the personal data of over 760,000 users. Cyber threats are rising, with an average ransom demand of $1.54 million and over 236.7 million ransomware attacks globally in the first half of 2023.

The top five most prolific ransomware families since January 2023 are LockBit, ALPHV, Malas, Cl0p, and Royal Ransomware. Threat actors like Lazarus APT, Cuba Ransomware Gang, Akira Ransomware Gang, MoustachedBouncer, and NoEscape Ransomware Group are taking center stage.

In 2023, there were 694 data breaches and 612.4 million breached records. Healthcare and Education were the most frequently targeted sectors, with 199 and 119 incidents, respectively.

This complex operation involves deploying information-stealing malware and leveraging compromised access to steal financial data from unsuspecting customers.

Malwarebytes suggests that users should not only exercise caution while visiting websites but also employ multiple security tools to enhance their protection.