Hackers Use Grok AI To Spread Malware

September 4, 2025

Cybersecurity researchers have recently identified a sophisticated new method, dubbed “Grokking,” that cybercriminals are employing to circumvent the malvertising protections on the social media platform X. This technique, highlighted by Nati Tal of Guardio Labs, exploits the platform’s artificial intelligence assistant, Grok, to propagate malicious links. The core of this approach is to get around the strict content restrictions for Promoted Ads, which typically disallow the inclusion of direct links. Instead of embedding the link directly, malicious actors hide it within a video’s metadata, a field that is apparently not subject to the platform’s standard scanning processes.

The “Grokking” process begins with cybercriminals running promoted video ads, often using adult content as a lure to attract attention. The malicious link is concealed within the video’s “From:” metadata field, which is displayed below the video player. This is a crucial step, as this specific field seems to be a blind spot for X’s automated scanning systems. Once the post is live and amplified through paid promotion, the threat actors tag Grok in a reply to the post, asking a question such as “where is this video from?” This prompt tricks the AI chatbot into responding by displaying the hidden link, effectively making the malicious URL visible to a broad audience.
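A platform-side check for the blind spot described above, as an added example that is not from the article, Guardio Labs or X: the post schema (`promoted`, `text`, `video.from`), the sample domain and all function names are assumptions. It applies the no-links rule to every field of a promoted post, nested metadata included, and defangs any host an assistant reply would repeat from those fields.

```python
import re
from urllib.parse import urlsplit

# Explicit URLs and bare domains ("site.example/path"); deliberately broad.
URL_RE = re.compile(
    r"\b(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s\"'<>]*)?", re.IGNORECASE)

# Constructed sample record; the schema is hypothetical, not X's real data model.
SAMPLE_POST = {
    "promoted": True,
    "text": "Watch the full clip",
    "video": {"title": "clip", "from": "stream-site.example/watch"},
}

def extract_hosts(text):
    """Return the set of lowercase hostnames found in one text value."""
    hosts = set()
    for match in URL_RE.findall(text):
        url = match if "://" in match else "http://" + match
        host = urlsplit(url).hostname
        if host:
            hosts.add(host.lower())
    return hosts

def links_by_field(post):
    """Map each field path (nested metadata included) to the hosts it carries."""
    found = {}
    def walk(value, path):
        if isinstance(value, dict):
            for key, item in value.items():
                walk(item, f"{path}.{key}" if path else key)
        elif isinstance(value, list):
            for i, item in enumerate(value):
                walk(item, f"{path}[{i}]")
        elif isinstance(value, str) and extract_hosts(value):
            found[path] = extract_hosts(value)
    walk(post, "")
    return found

def violates_ad_link_policy(post):
    """A promoted post may not carry a link in any field, not only its body."""
    return bool(post.get("promoted")) and bool(links_by_field(post))

def defang_reply(reply, post):
    """Defang hosts in an assistant reply that come from the post's own fields."""
    for host in set().union(*links_by_field(post).values()):
        reply = re.sub(re.escape(host), host.replace(".", "[.]"), reply, flags=re.I)
    return reply
```
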

This method is highly effective because it leverages the trust associated with a system-trusted account like Grok. The AI’s response, which includes the malicious link, is then amplified through the viral promoted thread, spreading to millions of feeds and search results. As Nati Tal noted, a link that X’s advertising policies explicitly prohibit suddenly appears in a post from a trusted source, gaining an unprecedented level of exposure and credibility. This amplification is further bolstered by search engine optimization (SEO) and domain reputation benefits, as the link is now associated with a post that has garnered millions of impressions.

The links disseminated through this technique direct users to a variety of harmful content, including fake CAPTCHA scams, information-stealing malware, and other deceptive schemes. Guardio Labs found that these domains are part of a larger Traffic Distribution System (TDS), a network often used by malicious ad tech vendors to route traffic to dangerous or fraudulent content. The use of smartlinks further personalizes the malicious content delivered to each user. The cybersecurity firm has observed hundreds of accounts engaging in this organized behavior, with each account posting a massive number of similar posts until they are eventually suspended for violating platform policies.

The organized nature and rapid proliferation of this “Grokking” technique pose a significant threat to X users. The method demonstrates a creative and alarming new way for cybercriminals to exploit platform features and bypass security measures. By leveraging X’s own AI assistant, malicious actors are able to lend legitimacy to their links and achieve a level of reach that would be impossible through traditional malvertising. The findings underscore the need for social media platforms to constantly adapt their security protocols to stay ahead of sophisticated and evolving cyber threats.

Reference:

  • Cybercriminals Exploit Grok Ai On X To Bypass Ad Protections And Spread Malware