It’s come to light that cyber attackers are using counterfeit versions of Google Bard, Google’s response to ChatGPT, as a vessel to spread malware.

This plot was unearthed when experts from ESET stumbled upon a Facebook advertisement pushing the AI writing software. Notably, there were numerous indicators suggesting the ad’s questionable nature.

Not only was the advertisement riddled with grammatical errors and spelling blunders, but its tone and style were noticeably unprofessional, far from what one would anticipate from an esteemed corporation like Google. Moreover, rather than linking to an official Google domain, the provided URL directed users to a site owned by a Dublin entity, rebrand.ly. Upon clicking, individuals were led to a page that mimicked a genuine Google website.

Also Read: Tesla’s Internal Data Exposed: A Look into the Recent Security Breach

The experts at ESET noted that visiting such misleading websites, especially while being logged into one’s browser, might risk divulging personal data. More alarmingly, this faux site had an active download option. If engaged, this button initiated a malware download housed on a Google Drive, masked under the name “GoogleAIUpdate.rar.” Conventional antivirus solutions promptly recognized the malicious intent of this executable.

One investigator noted, “As of my last update, the operation was being run in various guises. I’ve flagged it, and I doubt I’m the only one taking this step.” The investigator further added that other counterfeit versions like “meta AI” and other “Google AI” promotions have also been spotted.

This exploitation of the AI trend by cybercriminals isn’t novel. Earlier in March, a team at CloudSEK uncovered a sophisticated scam targeting users with malware through a deceptive ChatGPT application. Once again, these perpetrators took advantage of Facebook’s ad platform to amplify their fraudulent campaign.