Users of Bing Chat, the GPT-4-powered search engine Microsoft introduced earlier this year, are being targeted with ads leading to malware. Potential victims are prompted to download the installer, which contains three files, one of which is a heavily obfuscated malicious script. When the installer is run, the script connects to an external IP address and retrieves an additional payload.
Using malicious ads served by search engines is a popular way for threat actors to trick users into downloading malware. This year has seen a significant jump in malvertising via Google Ads to deliver malicious payloads such as LOBSHOT, an infostealer/remote access trojan.