Cybersecurity researchers are flagging new techniques cybercriminals have adopted to bypass fraud protection on social media platform X and use Artificial Intelligence (AI) Assistant Grok to propagate malicious links.
The findings were highlighted by Nati Tal, Head of Guardio Labs, in a series of posts on X. This technique is codename glowing.
This approach is designed to avoid the restrictions imposed by X in promotional ads that allow users to include only text, images and videos and then amplify them to a larger audience, attracting hundreds of thousands of impressions through paid promotions.
To achieve this, Malbertisers does not appear to be scanned by social media platforms in the metadata field under the video player where fake links are hidden in “From:”.
In the next step, the scammer will tag a reply to the post, ask something similar to “Where is this video?” and prompt the AI chatbot to respond to the link visible.
“Add to that, it’s now amplified with SEO and domain reputation. After all, it was echoed by Glock on a post with millions of impressions,” Tal said.
“The malicious link that X explicitly bans in ads (and should have been blocked entirely!) suddenly appears in posts on a system-trusted Grok account, sitting under a virus-promoted thread, spreading straight across millions of feeds and search results!”
Guardio said the links will lead users to a sketchy ad network and send fake Captcha scams, information-stealing malware and other suspicious content to malicious links that push through Direct Link (aka SmartLink) monetization.
A domain is rated as part of the same Traffic Delivery System (TDS). This is often the case that malicious ad technology vendors route traffic to harmful or deceptive content.
The cybersecurity company told Hacker News that it discovered that hundreds of accounts have been involved in the behavior over the past few days, each posting hundreds or thousands of similar posts.
“It appears they’re posting nonstop for several days until their accounts are suspended for breach of platform policy,” he added. “So there’s definitely a lot of them and it looks very organized.”
Source link
