AI responses may link to malware

Martin Brinkmann
Sep 30, 2023

AI tools are probably the biggest hype in tech in 2023. Companies have pushed out products or are about to. Bing Chat is one of the most prominent tools available, but there are dozens of others, including Claude AI, Google Bard or ChatGPT that most Internet users may access.

All of these text-based tools work similarly. They react on user input by returning what they believe is the best answer to the query. These answers may include other elements, including links.

All answers need to be verified, as hallucinations are common. Hallucinations are answers that are not factually correct.

It should not come as a surprise that links returned by AI should also be verified. Advertisement will likely see a rise as well and does so already to some extend.

Malwarebytes discovered this week that Microsoft's Bing Chat AI may return ads next to links. When users ask Bing Chat, the AI returns links frequently. Users may hover over a sentence to see the link.

It appears that Microsoft has started to display ads next to these links as well, at least for some users. Attempts to verify this failed, however, which may mean that Microsoft is running limited tests.

The ads are displayed above the organic result, similarly to how ads are displayed by search engines. Companies like Google or Microsoft do that to increase advertising revenue.

Ad labels are easily overlooked and the same is true on Bing Chat currently. A tiny "Ad" label is displayed on the third row of the advertisement in small font. It is difficult for inexperienced Internet users to distinguish between the ad and the organic result.

Many will activate the ad instead of the link that points to the official website as a consequence, and this may lead to the distribution of malware or unwanted programs.

Malwarebytes explains that it send the query "download advanced ip scanner" to Bing Chat, expecting that the official homepage of the network scanner was returned. Bing Chat did return the address, but placed an ad above the organic result, which pointed to an unrelated website.

Malwarebytes followed the link to the unrelated website and logged all activity. Engineers discovered that the linked site's main purpose was to filter traffic to separate "real users" from "bots, sandboxes, or security researchers". The site does so by checking IP addresses, time zones and several other parameters, including whether a virtual machine is used.

Users are redirected to a fake copycat site that includes a download that supposedly installs the network scanner. It contains a malicious payload that will communicate with an external server on execution.

What that means for Internet users

This injection of malware could have happened at any other service that returns links or ads to users. Most free AI tools will show ads eventually, which means that the risk of stumbling upon malicious links is going to increase in the future.

Criminals may create their own accounts at Google, Bing and other advertisers, but this has become more difficult. Some try to take over the advertising accounts of legitimate businesses to push malicious ads this way.

Internet users need to understand that any content that is returned by AI tools is not inherently safer than what search engines or individual sites return. It is important to pay attention and verify text and also links before making use of the information.

Now You: do you use AI tools regularly already?

AI responses may link to malware
Article Name
AI responses may link to malware
Security researchers discovered that responses by AI tools, such as Bing Chat, may link to malicious content.
Ghacks Technology News

Previous Post: «
Next Post: «


  1. plusminus_ said on October 1, 2023 at 5:07 am

    Not at all. At one point I felt like I might be missing out on increased productivity from using AI tools (having seen people being able to essentially outsource their work to these things) but I haven’t been able to come up with a single use case, personally.

  2. Tom Hawack said on September 30, 2023 at 5:39 pm

    I don’t use AI tools at all. As if AI hallucinations weren’t enough they now start pairing them with ads, which have always been hallucinations in my view, so they’re both made for one another. AI for pros: yes, for the masses: no.

  3. Kalmly said on September 30, 2023 at 5:29 pm

    Lovely! An informative article by Martin Brinkman followed by related comments dated the same day as said article. Hope is on the rise.

    1. VioletMoon said on September 30, 2023 at 5:40 pm

      @Kalmly–Isn’t it refreshing!

      “Do you use AI tools regularly already?”

      No, not at all. Not so much against AI, but I haven’t found it useful–useful in the sense it finds information/links that I can’t find with a simple search.

      Links to malware, more advertising. More manipulation and privacy invasion–along with dirty payloads. Of course! Did users expect something different?

  4. Anonymous said on September 30, 2023 at 10:50 am

    Isn’t selling more advertising the aim of commercial developers! Suck in the punters then advertise. It would be naive to think otherwise.

  5. 790 said on September 30, 2023 at 10:30 am

    No, I don’t use “artificial hallucination”. However, some of the articles certainly appear to do so rather than bothering to fact-check first. Using common sense helps instead of blindly clicking on adverts or the first object to appear in a set of results.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.