Cybercriminals Exploit X’s Grok AI to Bypass Ad Protections and Spread Malware to Millions

Ravie Lakshmanan

Cybersecurity researchers have flagged a new technique that cybercriminals have adopted to bypass social media platform X’s malvertising protections and propagate malicious links using its artificial intelligence (AI) assistant Grok.

The findings were highlighted by Nati Tal, head of Guardio Labs, in a series of posts on X. The technique has been codenamed Grokking.

The approach is designed to get around the restrictions X imposes on Promoted Ads, which allow users to include only text, images, or videos, and then to amplify the links to a broader audience, attracting hundreds of thousands of impressions through paid promotion.

To achieve this, malvertisers have been found to run video card-promoted posts with adult content as bait, with the spurious link hidden in the “From:” metadata field below the video player by taking advantage of the fact that it’s not scanned by the social media platform.

It’s worth mentioning here that the “From:” field is typically used to indicate the original poster of the video, but has been repurposed by the scammers in this campaign to share a link instead.

In the next step, the fraudsters tag Grok in replies to the post using a throwaway account, asking something similar to “where is this video from?,” prompting the AI chatbot to visibly display the link in response.

“Adding to that, it is now amplified in SEO and domain reputation – after all, it was echoed by Grok on a post with millions of impressions,” Tal said.

“A malicious link that X explicitly prohibits in ads (and should have been blocked entirely!) suddenly appears in a post by the system-trusted Grok account, sitting under a viral promoted thread and spreading straight into millions of feeds and search results!”
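The gap described above, where the post text is checked but the video card's "From:" field is not, can be shown with a link scan that walks every field of a post. This is an added example, not code from X or Guardio; the post schema, field names and sample domain are hypothetical and constructed for illustration.

```python
from __future__ import annotations
import re
from typing import Any, Iterator

# Explicit URLs and bare domains ("site.example/path"), since a metadata
# field can carry a link without any scheme.
URL_RE = re.compile(
    r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s\"'<>]*)?", re.IGNORECASE)

def iter_strings(node: Any, path: str = "") -> Iterator[tuple[str, str]]:
    """Yield (field_path, text) for every string nested anywhere in a post."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from iter_strings(value, f"{path}.{key}" if path else str(key))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from iter_strings(value, f"{path}[{index}]")

def scan_text_only(post: dict) -> list[tuple[str, str]]:
    """The gap: only the visible post text is checked for links."""
    return [("text", url) for url in URL_RE.findall(post.get("text", ""))]

def scan_all_fields(post: dict) -> list[tuple[str, str]]:
    """Check every string field, so card metadata is covered too."""
    return [(path, m.group(0))
            for path, text in iter_strings(post)
            for m in URL_RE.finditer(text)]

# Constructed samples; the field names are a hypothetical schema, not X's API.
PROMOTED_POST = {
    "text": "You will not believe this clip",
    "media": [{"type": "video",
               "card": {"title": "Full clip", "from": "promo-bait.example/watch"}}],
}
ASSISTANT_REPLY = {"author": "assistant",
                   "text": "The video is from promo-bait.example/watch"}

if __name__ == "__main__":
    print("text only :", scan_text_only(PROMOTED_POST))
    print("all fields:", scan_all_fields(PROMOTED_POST))
    print("reply     :", scan_all_fields(ASSISTANT_REPLY))
```

Running the same scan over the assistant's reply before it is published gives a second checkpoint, because the link becomes visible text at that stage.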

Guardio said the links direct users to sketchy ad networks, sending them to malicious links that push fake CAPTCHA scams, information-stealing malware, and other suspicious content via direct link (aka smartlink) monetization.

The domains are assessed to be part of the same Traffic Distribution System (TDS), which is often used by malicious ad tech vendors to route traffic to harmful or deceptive content.

The cybersecurity company told The Hacker News it has found hundreds of accounts engaging in this behavior over the past few days, with each of them posting hundreds or even thousands of similar posts.

“They seem to be posting non-stop for several days until the account gets suspended for violating platform policies,” it added. “So there are definitely many of them and it looks very organized.”

 


A CRM for cybercriminals – SpamGPT makes cybercriminals’ wildest dreams come true with business-grade marketing tools and features

Story by Efosa Udinmwen
  • SpamGPT turns phishing into an automated process with minimal expertise
  • Attackers can rotate multiple SMTP servers to dodge email throttling
  • Real-time inbox monitoring enables immediate adjustments to phishing strategies

Many of us are familiar with ChatGPT, but you may not have heard of SpamGPT, a new professional-grade email campaign tool created for cybercriminals.


Researchers at Varonis have revealed this platform offers “all the conveniences a Fortune 500 marketer might expect, but adapted for cybercrime.”

Its interface copies legitimate marketing dashboards, enabling attackers to design, schedule, and monitor large-scale spam and phishing operations with minimal technical expertise.

Infrastructure and deliverability capabilities

By integrating AI tools directly into the platform, SpamGPT can generate convincing phishing content, refine subject lines, and suggest optimizations for scams.

This shifts phishing from a craft requiring skill to a process that even low-level criminals can execute.

“SpamGPT is essentially a CRM for cybercriminals, automating phishing at scale, personalizing attacks with stolen data, and optimizing conversion rates much like a seasoned marketer would. It’s also a chilling reminder that threat actors are embracing AI tools just as fast as defenders are,” said Rob Sobers, CMO at Varonis.

SpamGPT’s built-in modules handle SMTP/IMAP setup, inbox monitoring, and deliverability testing.

Attackers can bulk import SMTP credentials, validate them through a built-in checker, and rotate multiple servers to avoid throttling.

IMAP monitoring allows them to observe replies, bounces, and inbox placement.

Its automated inbox check feature sends test messages and instantly verifies whether they reached the inbox or spam folder, providing real-time feedback before campaigns go live.

These functions, combined with campaign analytics, mirror legitimate marketing CRMs but are repurposed to facilitate phishing, ransomware, or other malicious payloads.

SpamGPT’s developers market the toolkit as an all-in-one spam-as-a-service solution.

By offering a straightforward graphical interface and detailed documentation, it reduces the need for specialized skills or deep knowledge of email protocols.

Features like “SMTP cracking mastery” tutorials instruct buyers on acquiring or compromising servers, while custom header options allow spoofing of trusted brands or domains.

This makes it possible for attackers with limited experience to bypass basic email authentication protections and deploy campaigns at scale.

The rise of SpamGPT suggests that phishing and ransomware incidents could become more frequent and advanced.

This campaign can also deliver malware disguised as harmless correspondence by bypassing spam filters and blending with legitimate mail traffic.

While this may sound alarming, there are several measures individuals and enterprises can take to stay safe.

How to stay safe

  • Strengthen email authentication with DMARC, SPF, and DKIM to prevent spoofed domains.
  • Deploy AI-powered tools to detect phishing emails generated by large language models.
  • Maintain robust malware removal procedures and keep regular, updated data backups.
  • Enforce multi-factor authentication on all accounts to limit stolen credential misuse.
  • Provide continuous phishing awareness training so employees can recognize suspicious emails.
  • Use network segmentation and least-privilege access controls to limit malware spread.
  • Keep all software and security patches updated to close exploitable vulnerabilities.
  • Test and refine an incident response plan to ensure quick, effective recovery.