Key Takeaways

Bing Chat's ad system is reportedly serving malicious ads with phishing links, tricking users into visiting websites that distribute malware.

Researchers found that sponsored links in Bing Chat's responses sometimes lead to fake websites offering malicious downloads, even when users search for legitimate software.

Microsoft is currently not effectively vetting the ads in Bing Chat, but Malwarebytes has reported the issue and it remains to be seen if Microsoft will take action.

The Bing AI chatbot is reportedly serving dubious ads with malicious links. That's according to researchers at Malwarebytes, who say scammers are using 'malvertising' to trick unsuspecting Bing Chat users into visiting phishing sites that serve malware. Bing Chat has been serving ads since earlier this year as part of Microsoft's efforts to monetize the chatbot, but the propagation of malicious ads on the platform is a disturbing development.

Bing Chat currently puts advertisements in conversations in multiple ways, including adding sponsored links to text when responding to user queries. When the user hovers over the link, the first result displayed is the ad, followed by the organic search result. The researchers at Malwarebytes say that they found the sponsored link can sometimes lead to phishing sites designed to trick people into installing malicious apps.

As an example, the researchers asked Bing Chat for download links to a well-known network management program called Advanced IP Scanner. While the second link provided by the chatbot was the original download link, the sponsored link at the top of the search results took users to a fake website that mimicked the official Advanced IP Scanner website and offered a malicious installer for download. When the researchers downloaded the installer and ran the executable MSI file, its script tried to connect to an external IP address to download the malicious payload.

Curiously, Malwarebytes did not specify what exactly the malicious payload does, but it could be anything from relatively innocuous adware to something much more sinister, like spyware or ransomware. As things stand now, Microsoft is not really vetting the ads being served within Bing Chat, or even if it is, it seems fairly easy to bypass the company's safeguards against malicious advertising. Malwarebytes says that it has reported its findings to Microsoft, so it will be interesting to see if the company acts on them and roots out dubious ads from Bing Chat for good.