Microsoft Bing AI now serves Malware Ads


Thread author
Staff Member
Jan 8, 2011
Malvertising via a Bing Chat conversation

Bing Chat is an interactive text and image application that provides a very different experience for online searches. After six months of it being public, Microsoft celebrated user engagement with over one billion chats.

Ads can be inserted into a Bing Chat conversation in various ways. One of those is when a user hovers over a link and an ad is displayed first before the organic result. In the example below, we asked where we could download a program called Advanced IP Scanner used by network administrators. When we place our cursor over the first sentence, a dialog appears showing an ad and the official website for this program right below it:

Users have the choice of visiting either link, although the first one may be more likely to be clicked on because of its position. Even though there is a small 'Ad' label next to this link, it would be easy to miss and view the link as a regular search result.

Phishing site serves malware



Level 78
Honorary Member
Top Poster
Content Creator
Apr 24, 2016
AI responses may link to malware
AI tools are probably the biggest hype in tech in 2023. Companies have pushed out products or are about to. Bing Chat is one of the most prominent tools available, but there are dozens of others, including Claude AI, Google Bard or ChatGPT that most Internet users may access.

All of these text-based tools work similarly. They react on user input by returning what they believe is the best answer to the query. These answers may include other elements, including links.

All answers need to be verified, as hallucinations are common. Hallucinations are answers that are not factually correct.

It should not come as a surprise that links returned by AI should also be verified. Advertisement will likely see a rise as well and does so already to some extend.

Malwarebytes discovered this week that Microsoft's Bing Chat AI may return ads next to links. When users ask Bing Chat, the AI returns links frequently. Users may hover over a sentence to see the link.

It appears that Microsoft has started to display ads next to these links as well, at least for some users. Attempts to verify this failed, however, which may mean that Microsoft is running limited tests.

The ads are displayed above the organic result, similarly to how ads are displayed by search engines. Companies like Google or Microsoft do that to increase advertising revenue.

Ad labels are easily overlooked and the same is true on Bing Chat currently. A tiny "Ad" label is displayed on the third row of the advertisement in small font. It is difficult for inexperienced Internet users to distinguish between the ad and the organic result.

Many will activate the ad instead of the link that points to the official website as a consequence, and this may lead to the distribution of malware or unwanted programs.

Malwarebytes explains that it send the query "download advanced ip scanner" to Bing Chat, expecting that the official homepage of the network scanner was returned. Bing Chat did return the address, but placed an ad above the organic result, which pointed to an unrelated website.

Malwarebytes followed the link to the unrelated website and logged all activity. Engineers discovered that the linked site's main purpose was to filter traffic to separate "real users" from "bots, sandboxes, or security researchers". The site does so by checking IP addresses, time zones and several other parameters, including whether a virtual machine is used.

Users are redirected to a fake copycat site that includes a download that supposedly installs the network scanner. It contains a malicious payload that will communicate with an external server on execution.
What that means for Internet users

This injection of malware could have happened at any other service that returns links or ads to users. Most free AI tools will show ads eventually, which means that the risk of stumbling upon malicious links is going to increase in the future.

Criminals may create their own accounts at Google, Bing and other advertisers, but this has become more difficult. Some try to take over the advertising accounts of legitimate businesses to push malicious ads this way.

Internet users need to understand that any content that is returned by AI tools is not inherently safer than what search engines or individual sites return. It is important to pay attention and verify text and also links before making use of the information.
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.