Tech Support
Documentation
Login
Contact Us
Bing Chat Malware Alert: Stay Safe from Malicious Sites
Wajahat Raja
October 10, 2023 - TuxCare expert team
In a concerning development, fraudulent advertising has infiltrated Microsoft’s Bing Chat AI chatbot, possibly exposing unsuspecting users to malware-infected websites. These Bing Chat malware findings shed light on a new channel that hackers are using to transmit malware to people looking for popular software solutions. Recognizing and avoiding suspicious links in Bing Chat has become a hot topic nowadays.
Bing Chat Malware Threat
In February 2023, Microsoft launched Bing Chat, which provides consumers with an interactive search experience driven by the powerful OpenAI language model GPT-4. However, Microsoft began experimenting with integrating advertising into Bing Chat barely a month later. While this move was intended to increase user engagement, it accidentally presented an opportunity to threat actors for malware distribution through Bing Chat.
Ads can be surreptitiously placed into Bing Chat, according to Jérôme Segura, Director of Threat Intelligence at Malwarebytes. One way is to show an ad as a user hovers over a link, thus preempting the organic search result. Bing Chat malicious ads are a deceitful technique that can trick people into clicking on false adverts while they believe they are authentic.
Real-world Example of Bing Chat Phishing
To illustrate the potential danger in Bing Chat security, consider a scenario where a user searches for the legitimate software “Advanced IP Scanner” using Bing Chat. Hovering over the link exposes a malicious ad pointing to a bogus website instead of a direct connection to the genuine download site. Users who click on this link are forwarded to a traffic direction system (TDS), which determines whether the request is from a genuine human user. If users confirm, they are routed to Bing Chat fake download sites containing a malicious installation.
In this scenario, the installer is set up to run a Visual Basic Script while connecting to an external server. The precise nature of the malware deployed is unknown. This effort is particularly concerning because threat actors were able to enter the ad account of a legitimate Australian business, resulting in the creation of these misleading adverts.
Bing Chat Privacy Implications
As Segura points out, threat actors routinely utilize search advertisements to direct people to malicious websites that hold Bing Chat ads malware. With attractive landing pages, people might easily fall victim to unintentionally downloading malware. These developments emphasize the importance of caution when dealing with Bing Chat and other online platforms. Users can also look for other secure messaging alternatives to Bing Chat.
Common Malware Types Linked To Bing Chat
These disclosures come amid a broader threat landscape in which fraudsters are employing increasingly sophisticated approaches. Recent Akamai and Perception Point reports show multi-step efforts aimed at hotel systems, booking sites, and travel companies. These efforts begin with the distribution of information-stealing software, followed by attempts to collect payment information via fake reservation pages.
In one such campaign, attackers pose as hotels and contact consumers via booking sites, requesting that they “re-confirm their credit card information.” This strategy makes use of the victims’ sense of urgency, allowing the attackers to steal personal data.
Social Engineering
Cofense, a threat management service for enterprise phishing, has discovered a unique social engineering attack aimed at the hotel industry. The primary targets are luxury hotel chains and resorts. The attackers use a variety of sector-related baits, including false booking requests, reservation revisions, and special requests.
Email-Based Attacks
Threat actors are using email-based attacks in addition to sophisticated campaigns targeting the hospitality sector. Malicious HTML attachments are frequently used in these assaults to carry out Browser-in-the-Browser (BitB) attacks. These attacks display seemingly innocuous pop-up windows requesting Microsoft credentials from email recipients.
The Rise of ZeroFont
In another example of evolving phishing techniques, threat actors are employing a tactic known as ZeroFont. This method entails placing a portion of the email message content in a font with a zero-pixel size, giving the impression that the email has passed security tests. Attackers can hide “invisible” text at the beginning of a message by modifying email previews, potentially tricking recipients into believing a phishing message is trustworthy.
Conclusion
These findings highlight the ever-changing techniques used by threat actors to target naïve consumers. Users should practice caution when opening unsolicited links, even if they appear legitimate. It is critical to be skeptical of Bing Chat malware distribution messages that demand rapid action, as well as to examine URLs for indicators of fraud.
Staying aware and vigilant is the best defense against growing cybersecurity risks with Bing Chat. By understanding the tactics used by cybercriminals, users can better protect themselves from falling victim to malicious activities online.
The sources for this piece include articles in The Hacker News and Bleeping Computer.
