"The approach is designed to get around restrictions imposed by X in Promoted Ads that allow users to only include text, images, or videos, and subsequently amplify them to a broader audience, attracting hundreds of thousands of impressions through paid promotion. To achieve this, malvertisers have been found to run video card-promoted posts with adult content as bait, with the spurious link hidden in the "From:" metadata field below the video player that apparently isn't scanned by the social media platform."
"In the next step, the fraudsters tag Grok in replies to the post, asking something similar to "where is this video from?," prompting the AI chatbot to visibly display the link in response. "Adding to that, it is now amplified in SEO and domain reputation - after all, it was echoed by Grok on a post with millions of impressions," Tal said. "A malicious link that X explicitly prohibits in ads (and should have been blocked entirely!) suddenly appears in a post by the system-trusted Grok account, sitting under a viral promoted thread and spreading straight into millions of feeds and search results!""
Cybercriminals have developed a technique called Grokking that uses X's AI assistant Grok to expose malicious links hidden in promoted video posts. Attackers place malicious links in the "From:" metadata field beneath video players, which is not scanned by X's ad filters. Fraudsters then tag Grok in replies asking for the video's source, prompting Grok to display the link visibly. The visible links gain impressions from promoted posts and are amplified in search results and domain reputation. The links route users to ad networks and Traffic Distribution Systems that deliver fake CAPTCHA scams, malware, and other deceptive content via smartlinks.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]