Cybercriminals Use X’s Grok AI to Get Past Ad Defenses and Infect Millions with Malware
Cybersecurity researchers have identified a new tactic that attackers use to bypass social media site X’s anti-malvertising safeguards and spread harmful links through its artificial intelligence (AI) assistant, Grok.
Nati Tal, the head of Guardio Labs, highlighted the findings in a series of blogs on X. The method is codenamed Grokking.

The strategy is intended to circumvent X’s limitations on Promoted Ads, which restrict users to text, photos, or videos. Through paid promotion, users can then amplify these ads to a larger audience and garner hundreds of thousands of impressions.
To accomplish this, malvertisers use video card promoted posts with pornographic content as bait and hide the bogus link in the “From:” metadata field beneath the video player, which the social media platform does not appear to scan.
The scammers then tag Grok in replies to the post, asking a question along the lines of “Where is this video from?”, which causes the AI chatbot to display the link prominently.
“Adding to that, it is now amplified in SEO and domain reputation – after all, it was echoed by Grok on a post with millions of impressions,” Tal stated.
“A malicious hyperlink that X explicitly forbids in ads (and should have been blocked entirely!) unexpectedly appears in a post by the system-trusted Grok account, sitting under a viral promoted thread and spreading straight into millions of feeds and search results!”
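
The gap described above, seen from the defender's side, as an added example that is not code from X, Guardio, or this article: a link check that walks every field of a promoted post, card metadata included, and applies the same no-links rule to an assistant reply posted under that thread. The payload shape and the field names (`promoted`, `card`, `from`) are assumptions made for illustration.

```python
import re

# Matches http(s) URLs and bare domains such as "example.test/path".
# The \b after the TLD avoids treating names like "video.mp4" as links.
LINK_RE = re.compile(
    r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}\b(?:/[^\s\"'<>]*)?",
    re.IGNORECASE,
)

def find_links(node, path=""):
    """Walk every field of a post payload and yield (field_path, link)."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from find_links(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from find_links(value, f"{path}[{i}]")
    elif isinstance(node, str):
        for match in LINK_RE.finditer(node):
            yield path, match.group(0)

def review_promoted_post(post):
    """Return one violation per link found in any field of a promoted post."""
    if not post.get("promoted"):
        return []
    return [f"link in {field}: {link}" for field, link in find_links(post)]

def filter_assistant_reply(reply_text, thread_root):
    """Redact links from an assistant reply posted under a promoted thread,
    so the reply cannot surface a link the ad itself may not carry."""
    if not thread_root.get("promoted"):
        return reply_text
    return LINK_RE.sub("[link removed]", reply_text)

# Constructed sample data; field names are hypothetical, not X's schema.
SAMPLE_POST = {
    "promoted": True,
    "text": "watch the full clip",
    "card": {"type": "video", "from": "bad-redirect.example/watch"},
}
SAMPLE_REPLY = "The video is from bad-redirect.example/watch according to the card."

if __name__ == "__main__":
    print(review_promoted_post(SAMPLE_POST))
    print(filter_assistant_reply(SAMPLE_REPLY, SAMPLE_POST))
```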

According to Guardio, the links lead users to dubious ad networks, which in turn send them on to dangerous links that use direct link (also known as smartlink) monetization to push information-stealing malware, fake CAPTCHA scams, and other dubious content.
The domains are assessed to belong to the same Traffic Distribution System (TDS), a mechanism that malicious ad tech suppliers frequently use to direct users to hazardous or misleading material.
The cybersecurity firm informed News4Hackers that over the last few days it has discovered hundreds of accounts exhibiting this behavior, each of which has published hundreds or perhaps thousands of similar posts.
“They seem to be posting non-stop for several days until the account gets suspended for violating platform policies,” it stated. “So there are definitely many of them, and it looks very organized.”
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blogs, he also writes for brands including Craw Security, Bytecode Security, and NASSCOM.