Cybercriminals Use Grok AI to Bypass X’s Malvertising Protections

Cybercriminals Exploit X’s Grok AI to Bypass Ad Protections and Spread Malware via “Grokking” Technique

  • Cybercriminals are using a new strategy to get around ad protections on X (formerly Twitter) by leveraging its AI assistant, Grok.
  • The method, called “Grokking,” hides malicious links in video ad metadata and prompts the AI to reveal them publicly.
  • Links exposed by Grok lead users to harmful sites, including Malware, fake CAPTCHA scams, and fraudulent ad networks.
  • Research from Guardio Labs found hundreds of accounts repeatedly using this approach until suspension.
  • This organized campaign boosts malicious link exposure through both promoted content and AI-driven responses.

Cybersecurity researchers identified a new technique that allows cybercriminals to bypass ad protections on the social media platform X by taking advantage of its Artificial Intelligence tool, Grok. The approach has led to a rise in the spread of harmful links on the platform, with attackers promoting adult content in ads and hiding the dangerous links in ad metadata fields.

- Advertisement -

The technique, known as “Grokking,” was reported by Nati Tal, head of Guardio Labs, and involves posting video ads with bait content.

The malicious links are hidden in the “From:” metadata below the video player, a section not typically scanned by the platform. Attackers then tag Grok in replies to these posts and ask where the video originates, prompting the AI to surface the hidden link in its response.

According to Tal,

“A malicious link that X explicitly prohibits in ads (and should have been blocked entirely!) suddenly appears in a post by the system-trusted Grok account, sitting under a viral promoted thread and spreading straight into millions of feeds and search results!”

The links, as identified by Guardio Labs, redirect users to deceptive ad networks that deliver malware, fake CAPTCHA scams, and other fraudulent content through direct link monetization. The domains involved use a Traffic Distribution System (TDS) which helps redirect users to various harmful sites.

Guardio Labs told The Hacker News that they discovered hundreds of accounts utilizing this method, each responsible for posting large numbers of these ads over several days.

“They seem to be posting non-stop for several days until the account gets suspended for violating platform policies,” the company reported, adding that the activity appears highly coordinated.

- Advertisement -

Researchers also noted that when Grok amplifies these links, it helps boost their visibility in search engine results and improves the domains’ reputations. This method not only spreads the malicious links to X’s wide user base but also helps the attackers sidestep existing protections in promoted advertisements.

Investigations are ongoing as X attempts to address the vulnerabilities and suspend accounts connected to these campaigns. So far, the persistent posting has revealed a broader pattern of organized malicious activity targeting the platform’s ad and AI features.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

- Advertisement -

Previous Articles:

Stay in the Loop

Get exclusive crypto insights, breaking news, and market analysis delivered straight to your inbox. No fluff, just facts.

    1 Email per day. Unsubscribe at any time.

    - Advertisement -

    Latest News

    HTX Lends 92% of USDT Reserves on Aave, Raising Risk Concerns

    HTX claims strong financial reserves, but most of its stablecoin holdings are out on...

    Nasdaq Tightens Crypto Buy Rules, Treasury Stocks Slide Now.

    Nasdaq will tighten rules for companies raising capital to buy cryptocurrency, including requiring some...

    If Shiba Inu Hits $1, Investors Could See Unimaginable Profits

    The price of Shiba Inu (SHIB) reaching $1 would make current holders extremely wealthy,...

    Hedera Hackathons Offer $1.5M+ in Prizes, Attract 10,000+ Builders

    The Hello Future Origins Hackathon featured a $550,000 global prize pool.The event ran from...

    Bitcoin Soars Amid Federal Reserve Crisis, S&P 500 Entry Looms

    Bitcoin’s price has doubled over the past year amid uncertainty around the Federal Reserve...

    Must Read

    Top 8 Books Every Beginner Should Read About Cryptocurrency

    Cryptocurrency and blockchain technology are filled with technical terms that beginners find challenging to understand. One of the best ways to learn about cryptocurrency...