Rising Malware Threat: Bing Chat Responses Infiltrated by Malicious Ads
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
Bing Chat, an AI-assisted search engine is facing a serious security issue, as cyber criminals use deceptive ads to lure unsuspecting users to download malwares.
Harnessing the capabilities of OpenAI’s GPT-4, Microsoft launched Bing Chat in February 2023. The interactive text and image search application within a few months achieved impressive user engagement numbers. In a period of six months, the AI powered search tool recorded over 1 billion chats.
The growing popularity of this tool as well as the possibility of incorporating ads into Bing Chat, made it quite popular among advertisers, hoping to reach a large user base.
The discovery was made by researchers at Malwarebytes , who demonstrated this malvertising technique. Users looking for software downloads were tricked into visiting counterfeit websites and prompted to install malicious installers directly from Bing Chat responses.
One of the methods used to display ads in Bing Chat conversations was present when a user hovered over a link, and an ad was displayed preceding the organic search result. The Malwarebytes researchers tried this method by asking the chat how to download the Advanced IP Scanner program used by network administrators.
Despite an ‘Ad’ label being displayed next to these links, users inadvertently would click this seemingly legitimate malvertising link, which would redirect them to the phishing sites.
According to the company, these websites check the users’ IP address, time zone, and various other system settings to filter virtual machines from real users. These users were then sent to fake sites mimicking official ones, while virtual ones were sent to decoy pages. The next step was to trick the users into downloading and installing the malicious installer.
‘’Threat actors continue to leverage search ads to redirect users to malicious sites hosting malware,’’ said the company. In this case, an unknown hacker had hacked into a legitimate Australian business ad account and created two separate ads.
The researchers also highlighted the need for users to stay vigilant when they click on links and visit websites. They also recommended use of security tools that provide web protection, help detect malware and block ads. This security incident was reported to Microsoft by Malwarebytes.
Booking.com Users: New Targets in Ongoing Phishing Campaign
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
Booking.com continues to be on the radar of threat actors. Earlier this month , researchers at Perception Point found unknown hackers using multi-step social engineering techniques to target hotels and travel agencies registered with the site.
This week, Perception Point again revealed a new large-scale phishing campaign targeting the website users (hotel guests). Hackers were observed deploying a four-step information stealing campaign to gain unauthorized access to hotel systems; subsequently accessing guests’ booking information to launch phishing attacks.
On gaining control of the official Booking.com account, the hackers were observed accessing various personal information of customers, used to create reservations on the website.
Harvested data like full names, booking dates, hotel details, and partial payment methods were then used to craft personalized messages. By creating a sense of urgency, targeted victims were informed to provide their credit card details within 24 hours to avoid booking cancellation. This step was conducted again as a ‘verification test’ by the threat actors.
The final fruition involved redirecting the targets to a seemingly legitimate Booking.com phishing page. The page was pre-filled with the target’s personal information, used for booking. ‘’The URL, designed to further deceive, follows the pattern: ‘booking.id(numbers).com’ or ‘booking.reserve-visit.com,’’ Perception Point explained. Once on the page, the targets were asked to re-enter their bank and credit card details. Unbeknownst to them, that they were becoming potential targets for financial frauds.
By using this approach and mimicking Booking.com, cybercriminals found a novel approach to gather victims’ information and commit financial frauds.
The cyber intelligence company disclosed that this campaign has had a far-reaching effect, with the inclusion of many hotels and resorts worldwide. ‘’The financial implications are severe, but the breach of trust and the potential misuse of personal data could have even more far-reaching consequences,’’ the researchers revealed .
To avoid falling victim to the fraud, it’s essential that users scrutinize URLs before clicking on them. Always be wary of emails and messages requesting immediate actions, contact service providers through official channels when in doubt, share knowledge about various cyber threats with friends and the community at large, and always monitor their bank and credit card accounts for unauthorized transactions.
