It seems that Microsoft’s artificial intelligence has major security flaws.
The era of artificial intelligence has reached our daily lives, and millions of people already use platforms from companies like OpenAI to get tasks done faster or to find inspiration with image generators like DALL-E or Midjourney. Bing Chat arrived on the scene a few months ago as Microsoft’s response to ChatGPT, but it could have an unexpected setback.
Bing Chat vs Malware
The news has spread like wildfire on specialized websites and social networks. According to the company Malwarebytes, it seems that some of the advertisements that appear among the responses to user requests could contain links that are dangerous for the computers from which users connect.
Our threat intelligence research on malicious ads being served inside Bing’s AI chatbot. What you need to know to stay safe. 👇 https://t.co/LfhavNWJ4o
— Malwarebytes (@Malwarebytes) September 28, 2023
In case you didn’t know, Bing Chat also includes sponsored content in search results. In this case, the Malwarebytes researchers asked Microsoft’s AI if it could show them where to download a network administration program called Advanced IP Scanner. To their surprise, hovering the mouse cursor over the first sentence of the result opened a dialog box with two links, the first sponsored and the second official.
Simply because of that positioning, users tend to click on the first link, which in this case would lead them to a website capable of discerning whether the visitor is a real user, who can be fooled, or a bot or security researcher.
Bing Chat responses infiltrated by ads pushing malware – @billtoulas https://t.co/CNkgc6hMT7
— BleepingComputer (@BleepinComputer) September 28, 2023
When a user is detected, they are automatically redirected to the fraudulent website, where they are offered an MSI installation package to download. Little else is known about the type of fraud or crime being attempted with it, given that Malwarebytes researchers have only been able to verify how the program communicates with an IP address.
It seems that the cybercriminals’ approach is to infiltrate the page from which companies insert advertisements into Bing Chat and, once inside, integrate the malicious links to trick those who are unlucky enough to find a sponsored result. By the way, Microsoft is already aware of this type of practice, in addition to other malicious ads that could put its users’ computers at risk.