
Cybercriminals Exploit X’s Grok AI to Enhance Malicious Links Through Sponsored Posts

A new cyber-attack, known as “Grokking,” is exploiting features on the social media platform X to disseminate malicious links on a large scale. Scammers are manipulating X’s advertising system and its generative AI, Grok, to circumvent security measures and amplify harmful domains. This technique effectively turns X’s own tools into unwitting accomplices in a widespread malvertising scheme. According to GuardioSecurity researcher Nati Tal, the attack begins with malware promoting “video card” posts, often featuring explicit or sensational adult content to attract users. Although X’s policies aim to combat malvertising by prohibiting links in promoted content, attackers have discovered a critical loophole. The malicious link is embedded in the small “From:” field beneath the video player, an area that X’s automated security scans appear to overlook. Consequently, these posts can achieve anywhere from 100,000 to over 5 million paid impressions.

The second phase of the attack utilises the platform’s AI assistant, Grok. Curious users, intrigued by the often anonymous videos, frequently consult Grok to inquire about the source. In its attempt to provide a helpful response, the AI scans the post for information and extracts the domain name from the “From:” field. Grok then presents this malicious link directly to the user in its reply. For example, when asked about a video’s origin, Grok has been observed responding with links to suspicious domains, as noted by Nati Tal. This process effectively “Grokks” the malicious link, delivering it to inquisitive users while amplifying its visibility and perceived legitimacy. By having the platform’s own AI reference the domain, scammers may gain enhanced SEO and a bolstered reputation for their harmful sites, making them appear more trustworthy to unsuspecting users. 
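The two gaps described above (a link scan that skips the “From:” field, and an assistant that repeats whatever domain it finds there) can be closed with checks like the following. This is an added defensive example, not code from X, Grok or the researcher; the post schema, field names, domains and allowlist are constructed assumptions.

```python
import re

# Matches bare or schemed domains; \b stops "clip.mp4" being read as a host.
DOMAIN_RE = re.compile(
    r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})\b(?:/\S*)?", re.IGNORECASE)

# Constructed sample: a promoted video card whose only link is in "from".
SAMPLE_POST = {
    "promoted": True,
    "text": "You won't believe this clip",
    "card": {"type": "video", "from": "bad-site.example"},
}

def scan_promoted_post(post):
    """Return {field_path: domains} for every string field holding a domain.

    Walks the whole structure instead of a fixed list of fields, so a link
    in a card's attribution field is checked the same way as the body text.
    """
    hits, stack = {}, [("", post)]
    while stack:
        path, node = stack.pop()
        if isinstance(node, dict):
            stack.extend((f"{path}.{k}".lstrip("."), v) for k, v in node.items())
        elif isinstance(node, list):
            stack.extend((f"{path}[{i}]", v) for i, v in enumerate(node))
        elif isinstance(node, str):
            found = {m.group(1).lower() for m in DOMAIN_RE.finditer(node)}
            if found:
                hits[path] = found
    return hits

def violates_no_link_policy(post):
    """A promoted post may carry no link in any field."""
    return bool(post.get("promoted")) and bool(scan_promoted_post(post))

def defang_reply(reply, allowlist):
    """Make non-allowlisted domains in an assistant reply unclickable."""
    def repl(match):
        if match.group(1).lower() in allowlist:
            return match.group(0)
        return match.group(0).replace("http", "hxxp", 1).replace(".", "[.]")
    return DOMAIN_RE.sub(repl, reply)

if __name__ == "__main__":
    print(scan_promoted_post(SAMPLE_POST))
    print(defang_reply("The video appears to come from bad-site.example.", {"x.com"}))
```

In a real deployment the allowlist would be replaced by a domain reputation lookup, and the defanging step would run on every assistant reply that quotes content from a promoted post.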
