UPDATED 21:00 EST / SEPTEMBER 28 2023

Scammers target Microsoft’s AI chatbot Bing Chat with malicious ads

As regular as the day becomes night, scammers are always on the lookout for new opportunities, and according to a new report today, that new opportunity is Microsoft Corp.’s artificial intelligence chatbot Bing Chat.

Malwarebytes Labs wrote that scammers are now targeting Bing Chat users with malicious ads within the chatbot. Ads can be inserted into a Bing Chat conversation in various ways, such as when a user hovers over a link and an ad is displayed before the organic result.

In one example (pictured), Bing Chat delivered a malicious ad when asked for details on where to download a program called Advanced IP Scanner. The ad itself appears to be legitimate, but it takes users to a phishing site that also serves malware.

What makes the malicious campaign interesting is that the site filters traffic, separating real victims from bots, sandboxes and security researchers. It does so by checking the user’s IP address, time zone and various other system settings, such as web rendering that identifies virtual machines. Real humans are then directed to a fake site that mimics the official site, while others are sent to a decoy page.

The Malwarebytes researchers show further examples of similar malicious ads appearing in Bing Chat that have the sole purpose of redirecting users to malicious websites hosting malware. In another example, a search for a legitimate Australian business delivered two malicious ads, one targeting network admins and another targeting lawyers.

Not covered in the Malwarebytes report is whether these ads are coming into Bing Chat from the Bing search engine. That there are malicious ads in Bing Chat is undoubtedly bad, but it’s possible, if not likely, that they are being introduced into the chatbot via advertising on Bing search results.

Microsoft launched Bing Chat, powered by OpenAI LP’s ChatGPT-4, in February. The company first started testing ads in the service in March.

“Malicious ads have been a problem for decades,” Roger Grimes, data-driven defense evangelist at cybersecurity company KnowBe4 Inc., told SiliconANGLE. “This is just a current example of them being used in AI-related tools.”

Grimes noted that the legitimacy malicious ads have with many viewers makes them ripe for exploitation, and because of this, it’s imperative that users be trained to understand that internet ads cannot be trusted.

Users “need to understand the concept of malicious poisoned ads, how to recognize them and be told to make sure they don’t click on them,” Grimes added. “Until content filtering tools are better at detecting and preventing them, education is really the only way to fight them.”

Image: Malwarebytes
