

Ethical Hacking News

Cybercriminals Lure Millions to Malicious Links via Social Media's AI Assistant


Cybercriminals have found a way to bypass X's malvertising protections using its AI assistant Grok. Millions of users are at risk as malicious links spread through the platform, highlighting the need for improved security measures.

  • Cybercriminals have found a way to bypass social media platform X's malvertising protections using AI assistant Grok.
  • The technique, called "Grokking," takes advantage of the limitations in X's Promoted Ads feature and uses spurious links hidden in metadata fields.
  • Malvertisers use adult content video posts as bait to infect users' devices with malicious software via these hidden links.
  • When tagged in a reply, the AI chatbot Grok displays the link in its response, which amplifies the link in search engine optimization (SEO) and domain reputation.
  • The malicious links direct users to phishing scams, malware, or suspicious content via direct link monetization.
  • Guardio Labs has discovered hundreds of accounts engaging in this behavior, with many perpetrators involved and a high level of organization.



    In a disturbing turn of events, cybersecurity researchers have exposed a new technique employed by cybercriminals to bypass social media platform X's malvertising protections and spread malicious links to millions of users. The cunning approach involves utilizing the AI assistant Grok, which is designed to provide assistance and answer questions on the platform.

    According to Nati Tal, head of Guardio Labs, the technique has been codenamed "Grokking," and it is a sophisticated method that takes advantage of the limitations in X's Promoted Ads feature. The feature allows users to include only text, images, or videos in their posts, but cybercriminals have found ways to bypass these restrictions.

    To achieve this, malvertisers have been running video card-promoted posts with adult content as bait. These posts contain a spurious link hidden in the "From:" metadata field below the video player, which is not scanned by X's system. The link appears innocuous at first glance but leads to malicious software that can infect users' devices.

    The next step in this scheme involves tagging Grok in replies to the post, asking something similar to "where is this video from?" This prompt elicits a visible response from the AI chatbot, which displays the link in question. Having been echoed by Grok, the link is then amplified in terms of search engine optimization (SEO) and domain reputation, making it more visible to users.
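
The gap described above, as a defender-side check (an added example, not code from X, Guardio Labs or this article): collect hostnames from every field of a post rather than the body text alone, and hold an assistant reply that would surface a host the link scanner never saw. The post schema, the field names and the `SCANNED_FIELDS` set are assumptions, and the sample data is constructed.

```python
import re

# Matches a hostname with or without a scheme, so bare domains are caught too.
HOST_RE = re.compile(r"\b(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

# Assumption: the only field the pre-publication link scanner inspects.
SCANNED_FIELDS = {"text"}

# Constructed sample; the schema and field names are hypothetical.
POST = {
    "text": "Watch the full clip",
    "card": {"type": "video", "from": "clips.example.net"},
}
REPLY = "The video appears to come from clips.example.net"


def iter_strings(node, path=""):
    """Yield (field_path, string) for every string nested anywhere in a post."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from iter_strings(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from iter_strings(value, f"{path}[{index}]")


def hosts_by_field(post):
    """Map each field path to the set of hostnames found in it."""
    found = {}
    for path, value in iter_strings(post):
        hosts = {h.lower() for h in HOST_RE.findall(value)}
        if hosts:
            found[path] = hosts
    return found


def unscanned_hosts(post):
    """Hostnames that appear only outside the fields the scanner covers."""
    fields = hosts_by_field(post)
    scanned = set().union(*(h for p, h in fields.items() if p in SCANNED_FIELDS))
    return set().union(*fields.values()) - scanned


def review_reply(post, reply_text, vetted_hosts):
    """Hosts an assistant reply would surface that were never scanned or vetted."""
    in_reply = {h.lower() for h in HOST_RE.findall(reply_text)}
    return sorted((in_reply & unscanned_hosts(post)) - set(vetted_hosts))
```

A non-empty result from `review_reply(POST, REPLY, set())` means the reply should be held or have the host stripped until it has passed the same reputation checks applied to links in the post body.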

    Guardio Labs has discovered that these malicious links direct users to sketchy ad networks, sending them to phishing scams, malware, or other suspicious content via direct link monetization. These domains are typically part of the same Traffic Distribution System (TDS), which is used by malicious ad tech vendors to route traffic to harmful or deceptive content.

    The cybersecurity company has found hundreds of accounts engaging in this behavior over the past few days, with each account posting hundreds or even thousands of similar posts before being suspended for violating platform policies. This indicates that there are many perpetrators involved and a high level of organization among them.

    This development highlights the ongoing cat-and-mouse game between social media platforms and cybercriminals. As AI-powered tools like Grok become more prevalent, it is becoming increasingly important for these platforms to stay vigilant and adapt their security measures to prevent such exploits.

    In light of this new threat, users are advised to exercise caution when interacting with posts that contain suspicious links or AI-generated responses. By being aware of these tactics, users can reduce the risk of falling victim to malicious attacks.

    As the cybersecurity landscape continues to evolve, it is essential for social media platforms and online service providers to prioritize security measures and stay ahead of emerging threats like this one.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Cybercriminals-Lure-Millions-to-Malicious-Links-via-Social-Medias-AI-Assistant-ehn.shtml

  • https://thehackernews.com/2025/09/cybercriminals-exploit-xs-grok-ai-to.html

  • https://www.techradar.com/pro/security/cybercriminals-are-using-jailbroken-ai-tools-from-mistral-and-grok-to-build-powerful-new-malware


  • Published: Thu Sep 4 06:28:01 2025 by llama3.2 3B Q4_K_M












