Cybersecurity firm Malwarebytes reported that the malicious ad was found to contain a download link for Advanced IP Scanner, a utility previously exploited by ransomware operators.
Release date – Saturday, September 23 – 3:00 p.m.
San Francisco: Cybersecurity researchers find malicious and harmful ads delivered through Microsoft’s AI-powered Bing Chat responses promoting fake download sites that spread malware, according to a new report. A new report has been released.
According to cybersecurity firm Malwarebytes, the malicious ad appears to include a download link for the “Advanced IP Scanner” utility, which has been previously exploited by ransomware operators.
“Ads can be inserted into Bing Chat conversations in a variety of ways. One is when a user hovers over a link and the ad appears first, before organic search results.” said Jerome Segura, director of threat intelligence at Malwarebytes.
In February, Microsoft introduced its Bing Chat AI search assistant and a month later began inserting ads alongside it to generate revenue from this new platform. However, incorporating ads into Bing Chat has opened the door to hackers.
When researchers asked Bing Chat how to download Advanced IP Scanner, a link to download it appeared in the chat. Bing Chat may display an ad before the legitimate download link when you move your mouse over an underlined link in the chat. In this case, the researchers explained that the sponsored link was an advertisement for malware.
According to the report, malvertising campaigns are created by hackers who hack into advertising accounts of legitimate Australian businesses and create advertisements targeted at system administrators (IP scanners) and lawyers (MyCase legal managers). .
When a user clicks on the IP scanner’s malicious ad, they are directed to a website (‘mynetfoldersip(.)cfd’). Websites distinguish between bots and crawlers and human victims by checking IP addresses, timezones, and various sandbox/virtual system indicators. machine. According to the report, victims are redirected to advanced-ip-scanner(.)com, a clone of Advanced IP Scanner that uses typosquatting to trick visitors.
The researchers advised that “users are advised to be especially careful about the websites they visit, as well as use a number of security tools for additional protection.”