Microsoft Is Reportedly Allowing Malicious Ads To Be Served On Bing AI Chat

by | Oct 31, 2023

Beginning of this year,Microsoft the tech giant has announced the Bing AI Chat that can offer the users an intuitive way of interacting with the Bing search engine which is powered by OpenAI’s GPT-4. Since its inception, Bing AI has received several updates to improve the experience as well as it is bringing new features.

Though Microsoft has tried challenging other AI available on internet, it looks like Microsoft’s chatbot is not as perfect as other AI chat bots. As we all know that major tech giants make most of their revenue from advertising, it wasn’t surprising to see Microsoft has introduced advertisements into Bing Chat shortly after its release. However, online ads have comes with huge security risks and threats.

According to a report published by Malwarebytes, Bing’s AI is serving malicious advertisments to the users. While, everyone had expected Microsoft to inject ads into the Bing AI, currently the company is allowing bad actors to push malicious websites to unsuspecting users.

Bing AI has come under scrutiny for occasionally including sponsored ads in its responses to user queries, potentially leading to unintended consequences. A notable incident involved Malwarebytes seeking guidance on downloading Advanced IP Scanner, only to be directed to a malicious site instead of the official one.

Despite Microsoft’s inclusion of a small ad label near the link, the risk lies in users potentially overlooking it, unwittingly putting their systems in jeopardy. In this case, the malicious ad led to a deceptive website mimicking the official Advanced IP Scanner site. The executable installer attempted to connect to an external IP address, with the ultimate intent remaining undisclosed.

Upon clicking the initial link, users were redirected to mynetfoldersip[.]cfd, a site designed to filter and segregate real users from bots, sandboxes, or security researchers. This involved scrutinizing IP addresses, time zones, and system settings like web rendering to identify virtual machines.

Genuine users were further redirected to a fake site (advenced-ip-scanner[.]com), resembling the official one, while others landed on a decoy page. Subsequently, victims were prompted to download the supposed installer. The MSI installer contained three different files but only one is malicious and is a heavily obfuscated script as shown in the below image.

While this incident stands as a singular example, there is a concern that others might exploit a potential vulnerability in Microsoft’s ad screening process. Creating a Microsoft ad account and running deceptive campaigns could pose a risk, suggesting a need for more rigorous campaign scrutiny to ensure compliance with guidelines and protect users.