Beware of Malvertising in Bing Chat

Bing Chat, like other big tech products, makes money from advertising. This is not necessarily a bad thing, and most of us are already accustomed to this practice. But, as with search engines, some of these ads are not legitimate. In fact, some of them are malicious, and their ultimate goal is to trick you into installing malware on your computer.

Bing Chat may display malicious ads

Malwarebytes Labs has discovered malicious ads being displayed during Bing Chat conversations. “Malvertising,” as the practice is sometimes called, wasn’t on many of our radars when testing Microsoft’s AI chatbot, but it’s good to know moving forward. While generative AI has a lot to offer, you don’t want it to become just another vehicle for malware and malicious activity to spread into your life. (There is already enough of that to deal with in everyday digital life.)

For example, Malwarebytes told Bing Chat that it wanted to download a program called “Advanced IP Scanner.” The first sentence of Bing Chat’s response was, “You can download Advanced IP Scanner from their official website,” which was hyperlinked. Presumably, the link will take you to the official website to download the program in question. However, when the team hovered over the link, an advertisement appeared above the actual link.

Again, this isn’t necessarily malicious: companies pay search engines like Bing to rank their products at the top of searches, so if you’re looking for a specific IP scanner, another company might convince you to try them.

Unfortunately, this is not a case of fair market competition. This particular link will take you to a site that will first verify that you are a real person by checking your IP address, location, as well as other information about your setup. (After all, why try to trick a bot?) If the site decides you’re a human, congratulations: your prize is a redirect to a fake IP scanner site pretending to be the one you’re trying to get to. True to its malicious form, this site then convinces you to download an IP scanner installer, which of course contains malware.

When I tried a similar search, Bing didn’t offer me ads next to the official link, which is good. But that doesn’t mean the problem won’t happen again, or with a different product altogether.

How to Avoid Malvertising

While there are still unknown elements to this malicious campaign, it is a good reminder that attackers are constantly looking for new ways to steal your data and infiltrate your systems.

Whether you’re using Bing Chat or just trying to find something on Google, remember that attackers love to impersonate legitimate companies and services through malvertising. Therefore, it is recommended to avoid clicking on advertisements if possible. If you want to click a Bing Chat link later, take an extra second to check whether you’re clicking a Bing-generated link or a link presented as an ad. (The latter will carry an “advertising” label underneath it.)
