Cyber-criminals have been exploiting fraudulent artificial intelligence (AI) bots to attempt and install malicious software under the guise of genuine AI applications.
The campaign was discovered after researchers at ESET found an ad on Facebook promoting the AI writer. However, it seems there were plenty of red flags signifying its dubious content.
The ad copy was littered with bad grammar and spelling mistakes, while the writing style was amateurish and well below the standard expected from a company like Google.
The ad contained several discrepancies that triggered suspicion, ESET security specialist Thomas Uhlemann explained. Notably, the link provided didn’t lead to any recognizable Google domain; instead, it directed users to an unfamiliar service named rebrand.ly, located in Dublin, Ireland.
Closer inspection revealed oddities in the ad’s language and the connected comments section. Commenters’ positive feedback appeared generic, devoid of specific Google-related context. All comments also seemed to be time-stamped at the exact same moment.
This is not the first time criminals have exploited the current AI boom in an attempt to distribute malware. In late March this year, security researchers from CloudSEK discovered an elaborate scheme that sought to distribute malware via a fake ChatGPT app. In this instance, crooks also abused Facebook’s advertising space to promote the scam.
