Evolving Malware Attacks: Bing Chat Compromised

Malicious advertisements are now being injected into Microsoft's AI-powered Bing Chat responses, promoting fake download sites that distribute malware. The threat actors behind this campaign exploit the interactive chat-based experience of Bing Chat to distribute malware through deceptive advertisements. Users interacting with AI-powered chat tools may inadvertently trust and click on these ads, assuming a sense of authority and trustworthiness due to the conversational nature of the interface.

Attack Details

The malvertising campaign impersonates a popular IP scanner, 'Advanced IP Scanner,' and targets system admins and lawyers through malicious ads. When users inquire about downloading Advanced IP Scanner in Bing Chat, they are presented with an advertisement followed by a legitimate-looking downloadable link. The sponsored link within the chat is a malvertisement pushing malware. The threat actor behind this campaign hacked into the ad account of a legitimate Australian business to create and distribute these malicious ads.

The malvertising campaign employs typosquatting and redirects users to a fake website ('advanced-ip-scanner[.]com') resembling a legitimate software site. The malicious MSI installer, once downloaded, contains obfuscated scripts that connect to external resources to retrieve the payload. The exact payload remains unidentified, but threat actors typically distribute information-stealing malware or remote access trojans in similar campaigns.

Impact

The malvertising campaign within Bing Chat conversations expands the threat landscape, highlighting the need for users to exercise caution when interacting with chatbot results. Clicking on malicious ads can lead to potential malware infections, compromise sensitive information, or grant threat actors access to victims' systems.

Recommendations

To mitigate the risks associated with this malvertising campaign, users are advised to:

• Exercise caution and verify URLs before downloading anything, especially from chat-based interactions.

• Implement ad blockers and security software to detect and block malicious advertisements.

• Educate users on recognizing deceptive advertisements and suspicious download links.

To sum up, the malvertising campaign in Bing Chat underscores the evolving tactics of cyber threats, emphasizing the importance of user vigilance and robust cybersecurity measures. Awareness and proactive security practices are crucial to mitigating the risks posed by deceptive advertisements and malware distribution.