Bing Chat is directing people to malicious websites, the latest issue people are experiencing using generative AI.
According to security firm Malwarebytes, ads inserted into the Bing Chat results are directing people to malicious websites that can be used to install malware on their computers. The company explained the issue in a blog post:
Ads can be inserted into a Bing Chat conversation in various ways. One of those is when a user hovers over a link and an ad is displayed first before the organic result. In the example below, we asked where we could download a program called Advanced IP Scanner used by network administrators. When we place our cursor over the first sentence, a dialog appears showing an ad and the official website for this program right below it.
Users have the choice of visiting either link, although the first one may be more likely to be clicked on because of its position. Even though there is a small ‘Ad’ label next to this link, it would be easy to miss and view the link as a regular search result.
Malwarebytes says this is simply the latest type of search-based malware scams that bad actors have been doing for some time:
Threat actors continue to leverage search ads to redirect users to malicious sites hosting malware. While Bing Chat is a different search experience, it serves some of the same ads seen via a traditional Bing query.
In this case, the malicious actor hacked into the ad account of a legitimate Australian business and created two malicious ads, one targeting network admins (Advanced IP Scanner) and another lawyers (MyCase law manager).
Of course, there is a distinct possibility that users may not be as in tune with threats coming from Bing Chat, given the novelty of the tech. In addition, the nature of conversing with the AI could also lower people’s inhibitions, leading them to click on things they otherwise would not.