Cybersecurity researchers have discovered a new technique that allows cybercriminals to bypass X's (formerly Twitter) ad protections and spread malicious links using the platform's AI assistant, Grok.
The technique, called "Grokking," involves hackers posting a video ad with adult content as bait. The malicious link is hidden in the video's metadata, a field that X's ad scanners apparently do not check. The criminals then tag Grok in a reply to the post, asking, "where is this video from?" Grok's response includes the hidden malicious link, making it publicly visible.
Because the link is then associated with Grok, a trusted system account, it gains credibility and is amplified through the platform's algorithms and search results. Users who click the link are sent to fraudulent ad networks that push fake CAPTCHA scams, information-stealing malware, and other malicious content.
The security firm Guardio Labs identified hundreds of accounts using this method, with each account making thousands of similar posts before being suspended. The accounts are part of an organized and widespread effort to exploit the AI assistant for malvertising.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
