Microsoft Bing AI Chatbot Infected with Malicious Ads

Cybercriminals inserted malicious ads into Microsoft Bing AI chatbot leading to infected software downloads.


  • Cybercriminals inserted malicious ads into the Microsoft Bing AI chatbot.
  • Users who clicked on the ads were directed to a malicious website that asked them to download and run a software program.
  • The bad actors hacked into the Microsoft Ads account of a legitimate Australian business to run the ads on Bing Chat.

Microsoft Bing AI chatbot users were exposed to malicious ads that led them to download infected software, according to Malwarebytes Labs, a security research firm. The cybercriminals behind the attack used sophisticated techniques to evade detection and target specific victims searching for downloads.

Malwarebytes Lab reported that the attackers inserted the ads into the Bing chatbot conversations when users hovered over a link provided by the chatbot. The popup window showed two links. The first link was a paid ad leading to a malicious website that initiated a potentially trojanized software download. The second link was the organic source cited in the Bing chatbot conversation.

Image Credit: Malwarebytes Labs

“Users have the choice of visiting either link, although the first one may be more likely to be clicked on because of its position,” wrote Jérôme Segura, Director of Threat Intelligence at Malwarebytes Labs. “Even though there is a small ‘Ad’ label next to this link, it would be easy to miss and view the link as a regular search result.”

The paid ad link led to mynetfoldersip(.)cfd, a malicious website that analyzed the traffic to filter out bots, sandboxes, and security researchers by checking various characteristics of the visitors, such as their IP addresses, time zones, virtual machine rendering, and others. If the visitor was deemed to be a real human, they were redirected to another spoofed domain, advenced-ip-scanner(.)com, which mimicked the official site of Advanced IP Scanner, a network scanning tool, through typosquatting.

The victims of the Bing chatbot ad were then prompted to download an MSI installer that contained three files, one of which was a malicious and heavily obfuscated script. The script contacted an external IP address, presumably to receive additional payloads from the attackers. However, the researchers did not follow through to identify the final payload or the attackers’ objectives.

Malwarebytes Labs researchers traced the source of the malicious Bing ads to a compromised Australian business. The cybercriminals hacked into the Microsoft Ads account and created two malicious ads, one targeting network admins (Advanced IP Scanner) and another targeting lawyers (MyCase law manager).

This incident exposes a continued threat to users of AI chatbots like Bing Chat which must be closely monitored by cyber security engineers.

In 2022, the Federal Bureau of Investigation released a public service announcement stating: “Cybercriminals are using search engine advertisement services to impersonate brands and direct users to malicious sites that host ransomware and steal login credentials and other financial information.”

The FBI also shared these tips to protect yourself against malicious advertising schemes:

  • Before clicking on an advertisement, check the URL to make sure the site is authentic. A malicious domain name may be similar to the intended URL but with typos or a misplaced letter.
  • Rather than search for a business or financial institution, type the business’s URL into an internet browser’s address bar to access the official website directly.
  • Use an ad blocking extension when performing internet searches. Most internet browsers allow a user to add extensions, including extensions that block advertisements. These ad blockers can be turned on and off within a browser to permit advertisements on certain websites while blocking advertisements on others.

The FBI recommends businesses take the following precautions:

  • Use domain protection services to notify businesses when similar domains are registered to prevent domain spoofing.
  • Educate users about spoofed websites and the importance of confirming destination URLs are correct.
  • Educate users about where to find legitimate downloads for programs provided by the business.


Malwarebytes Labs discovered that Microsoft Bing AI chatbot users were exposed to malicious ads that led them to download infected software. The malicious ads appeared in Bing Chat conversations when users hovered over a link provided by the chatbot. Researchers traced the source of the malicious ads to a legitimate Australian business that had its Microsoft Ads account hacked.

دیدگاهتان را بنویسید