Cybercriminals Use Grok AI to Bypass X’s Malvertising Protections

Cybercriminals Exploit X’s Grok AI to Bypass Ad Protections and Spread Malware via “Grokking” Technique

  • Cybercriminals are using a new strategy to get around ad protections on X (formerly Twitter) by leveraging its AI assistant, Grok.
  • The method, called “Grokking,” hides malicious links in video ad metadata and prompts the AI to reveal them publicly.
  • Links exposed by Grok lead users to harmful sites, including Malware, fake CAPTCHA scams, and fraudulent ad networks.
  • Research from Guardio Labs found hundreds of accounts repeatedly using this approach until suspension.
  • This organized campaign boosts malicious link exposure through both promoted content and AI-driven responses.

Cybersecurity researchers identified a new technique that allows cybercriminals to bypass ad protections on the social media platform X by taking advantage of its Artificial Intelligence tool, Grok. The approach has led to a rise in the spread of harmful links on the platform, with attackers promoting adult content in ads and hiding the dangerous links in ad metadata fields.

- Advertisement -

The technique, known as “Grokking,” was reported by Nati Tal, head of Guardio Labs, and involves posting video ads with bait content.

The malicious links are hidden in the “From:” metadata below the video player, a section not typically scanned by the platform. Attackers then tag Grok in replies to these posts and ask where the video originates, prompting the AI to surface the hidden link in its response.

According to Tal,

“A malicious link that X explicitly prohibits in ads (and should have been blocked entirely!) suddenly appears in a post by the system-trusted Grok account, sitting under a viral promoted thread and spreading straight into millions of feeds and search results!”

The links, as identified by Guardio Labs, redirect users to deceptive ad networks that deliver malware, fake CAPTCHA scams, and other fraudulent content through direct link monetization. The domains involved use a Traffic Distribution System (TDS) which helps redirect users to various harmful sites.

- Advertisement -

Guardio Labs told The Hacker News that they discovered hundreds of accounts utilizing this method, each responsible for posting large numbers of these ads over several days.

“They seem to be posting non-stop for several days until the account gets suspended for violating platform policies,” the company reported, adding that the activity appears highly coordinated.

Researchers also noted that when Grok amplifies these links, it helps boost their visibility in search engine results and improves the domains’ reputations. This method not only spreads the malicious links to X’s wide user base but also helps the attackers sidestep existing protections in promoted advertisements.

Investigations are ongoing as X attempts to address the vulnerabilities and suspend accounts connected to these campaigns. So far, the persistent posting has revealed a broader pattern of organized malicious activity targeting the platform’s ad and AI features.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -

Latest News

Gate Launches Ethereum-Compatible Layer 2, Revamps GT Token

Gate has introduced Gate Layer, a new Layer 2 blockchain to raise transaction speeds...

FalconX Launches First Forward Rate Contracts for Ethereum Staking

FalconX completed the first forward rate agreements based on the Treehouse Ethereum Staking Rate. The...

Oracle to Operate TikTok US Algorithm as Takeover Deal Nears Completion

A potential agreement is nearing that would move control of TikTok’s U.S. operations to...

Bitcoin Options Expiry Favors Bulls if $112K Holds Amid Uncertainty

About $22.6 billion in Bitcoin options contracts are set to expire on Friday, with...

BitMine Buys $84M in Ethereum, Analysts See ETH Hitting $12K+

Ethereum holds above $4,100 following an $84 million purchase by BitMine Immersion.The company now...
- Advertisement -

Must Read

10 Best Crypto to Mine Without Special Hardware Equipment

A lot of people mostly think that it takes a difficult process to mine cryptocurrency. today we are going to show you some of...