Bing Chat: Beware, malicious links may hide in the answers
Picture: Maria Diaz/ZDNET.
Free, connected to the internet, powered by GPT-4, multimodal and more accessible, Microsoft’s chatbot, Bing Chat, is becoming more and more popular compared to its competitor ChatGPT.
But if you use it regularly, be careful! An investigation shows that its answers may contain links to malicious software.
Malvertising and Bing Chat
Last March, a month after the launch of its chatbot, Microsoft began experimenting with placing advertisements in Bing Chat responses.
The ads are part of the chat experience, and are found both in the footnotes and when the user hovers over the response.
It is these advertisements that are now being used for malvertising purposes, reports Malwarebytes. Malvertising is a practice that consists of using online advertisements to spread malware in order to infiltrate the devices of unsuspecting users.
Malicious ads that are more visible than the real ones
According to the Malwarebytes report, scammers insert their malicious ads in such a way that they appear ahead of the organic result in Bing Chat's ad hover experience.
For example, as can be seen below with a search for Advanced IP Scanner, the first link that appears is a malicious ad. The organic result is below, smaller, and will probably not be seen by the user.
Picture: Malwarebytes.
Users who click on the first link end up on a website that filters traffic to separate real victims from bots. The real victims are then redirected to a “decoy” page where they are prompted to click on the “free download” button to download an installer that contains malicious files.
To carry out this scam, the scammers must have previously hacked the advertising account of a real company and created malicious advertisements.
Some rules of caution
To avoid this type of scam, the solution is not necessarily to stop using Bing Chat. After all, you can encounter these malicious advertisements anywhere on the internet.
Rather, be careful before clicking on a link, and always check that a site is legitimate before downloading a program to your device.
Source: ZDNet.com