Researchers at Malwarebytes Labs have discovered that scammers are exploiting the Bing AI chatbot to distribute malicious ads containing phishing links. This poses a significant threat to users who may unknowingly click on these ads and be redirected to phishing sites that distribute malware.


The scammers can insert these malicious ads into Bing Chat conversations in various ways, including as an ad that appears when a user hovers over a link [2] [3]. These ads are designed to appear legitimate, tricking users into thinking they are safe to click on. Once clicked, however, they redirect users to phishing sites that distribute malware [1] [2].

Even when users search for legitimate software [1], sponsored links in Bing Chat’s responses can sometimes lead to fake websites offering malicious downloads [1]. This means that even users who are cautious and searching for legitimate content can still be at risk.

The scammers behind this malicious campaign have implemented filters to separate real victims from bots and security researchers. This demonstrates a level of sophistication and intentionality in their efforts to target unsuspecting users.

Examples of similar malicious ads targeting network admins and lawyers have been provided, highlighting the wide range of individuals who may be affected by this scam.

It is currently unclear whether these malicious ads originate from the Bing search engine itself or are introduced through advertising on Bing search results. However, Microsoft has been made aware of the issue and is hopefully taking steps to address it.


This discovery underscores the importance of educating users about the risks associated with malicious ads. Users should exercise caution and refrain from clicking on any ads until content filtering tools improve. Additionally, it is crucial for Microsoft and other search engine providers [2] to enhance their security measures to prevent scammers from exploiting their platforms.

Mitigating the impact of these malicious ads requires a collaborative effort between users, search engine providers, and security researchers [2]. By staying informed and vigilant, users can protect themselves from falling victim to these scams.