{"id":25598,"date":"2024-12-18T07:10:19","date_gmt":"2024-12-18T15:10:19","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2024\/12\/18\/news-19327\/"},"modified":"2024-12-18T07:10:19","modified_gmt":"2024-12-18T15:10:19","slug":"news-19327","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/12\/18\/news-19327\/","title":{"rendered":"AI-generated malvertising &#8220;white pages&#8221; are fooling detection engines"},"content":{"rendered":"\n<p>It is no secret that online criminals are leveraging artificial intelligence (AI) and large language models (LLMs) in their malicious schemes. While AI tends to be abused to trick people (e.g. deepfakes) in order to gain something, sometimes it is meant to defeat computer security programs. <\/p>\n<p>With AI, this process has just become easier and we are seeing more and more cases of fake content produced for deception purposes. In the criminal underground, web pages or sites that are meant to be decoys are sometimes called &#8220;white pages,&#8221; as opposed to the &#8220;black pages&#8221; (malicious landing pages).<\/p>\n<p>In this blog post, we take a look at a couple of examples where threat actors are buying Google Search ads and using AI to create white pages. The content is unique and sometimes funny if you are a real human, but unfortunately a computer analyzing the code would likely give it a green check.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-fake-faced-executives\">Fake-faced executives<\/h2>\n<p>The first example is a phishing campaign targeting Securitas OneID. 
The threat actors take great care to avoid detection by running ads that, most of the time, redirect to a completely bogus page rather than to what one would expect, namely a phishing portal.<\/p>\n<p>It did cross our minds they could very well be trolling security researchers, but if that was truly the case, why not simply go for Rick Astley&#8217;s <em><a href=\"https:\/\/www.youtube.com\/watch?v=dQw4w9WgXcQ\">Never Gonna Give You Up<\/a><\/em>?<\/p>\n<figure class=\"wp-block-image aligncenter size-large\"><a href=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/12\/image_6bc7bb.png\"><img decoding=\"async\" loading=\"lazy\" width=\"854\" height=\"1111\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/12\/image_6bc7bb.png?w=787\" alt=\"\" class=\"wp-image-124843\" \/><\/a><\/figure>\n<p>The entire site was created with AI, including the team&#8217;s faces. While in the past, criminals would go for stock photos or maybe steal a Facebook profile, now it&#8217;s easier and faster to make up your own, and it&#8217;s even copyright-free!<\/p>\n<figure class=\"wp-block-image aligncenter size-full\"><a href=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/12\/image_11862e.png\"><img decoding=\"async\" loading=\"lazy\" width=\"847\" height=\"995\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/12\/image_11862e.png\" alt=\"\" class=\"wp-image-124851\" \/><\/a><\/figure>\n<p>When Google tries to validate the ad, it sees this cloaked page with fairly unique content, and there is absolutely nothing malicious about it.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-parsec-and-the-universe\">Parsec and the universe<\/h2>\n<p>Our second example is another Google ad, this time for Parsec, a popular remote desktop program used by gamers. 
<\/p>\n<p>It so happens that a <a href=\"https:\/\/www.space.com\/parsec\">parsec<\/a> is also an astronomical measurement unit and the threat actors (or should we say AI) went wild with it, creating a white page heavily influenced by Star Wars:<\/p>\n<figure class=\"wp-block-image aligncenter size-full\"><a href=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/12\/image_3fa1ec.png\"><img decoding=\"async\" loading=\"lazy\" width=\"869\" height=\"1001\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/12\/image_3fa1ec.png\" alt=\"\" class=\"wp-image-124835\" \/><\/a><\/figure>\n<p>The artwork, including posters, is actually quite nice, even for a non-fan.<\/p>\n<figure class=\"wp-block-image aligncenter size-full is-resized\"><a href=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/12\/image_a03d73.png\"><img decoding=\"async\" loading=\"lazy\" width=\"363\" height=\"363\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/12\/image_a03d73.png\" alt=\"\" class=\"wp-image-124857\" style=\"width:895px;height:auto\" \/><\/a><\/figure>\n<p>Once again, this cloaked content is a complete diversion which will take detection engines for a ride.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-ai-vs-ai-humans-to-the-rescue\">AI vs AI: humans to the rescue<\/h2>\n<p>These are just some of the many examples of AI being misused. In the early days of deepfakes, one may remember companies already training AI to detect AI.<\/p>\n<p>There will naturally be content produced by AI for legitimate reasons. After all, nothing prohibits anyone from creating a website entirely with AI, simply because it&#8217;s a fun thing to do.<\/p>\n<p>In the end, AI can be seen as a tool which on its own is neutral but can be placed in the wrong hands. 
Because it is so versatile and cheap, criminals have embraced it eagerly.<\/p>\n<p>Ironically, it is quite straightforward for a real human to identify much of the cloaked content as just fake fluff. Sometimes, things just don&#8217;t add up and are simply comical. Do jokes trigger the same reaction in an AI engine as they would to a human? It doesn&#8217;t seem like it&#8230; yet.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/cybercrime\/2024\/12\/ai-generated-malvertising-white-pages-are-fooling-detection-engines\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> With AI, it&#8217;s not only the sky that&#8217;s the limit, it&#8217;s the entire universe. 
<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[10245,3108,4503,18051,11539,10531],"class_list":["post-25598","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-ai","tag-criminals","tag-cybercrime","tag-detection","tag-fake","tag-malvertising"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25598","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=25598"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25598\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=25598"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=25598"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=25598"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}