AI Chatbot Links Lead Users to Phishing Sites, Malicious Code
Seoul, South Korea – Users of X (formerly Twitter) are being directed to phishing sites and malicious code distribution pages via links shared in responses to posts by verified accounts, including those leveraging AI chatbot technology, according to a report by Guardio Labs. Security experts are calling the tactic “grokking,” exploiting the trust associated with official or high-profile sources.The scheme involves hundreds of accounts posting similar content with malicious links, sometimes reaching thousands of posts per account over the last few days. The links appear in response to posts, creating a false sense of security even when originating on a platform like X.the report comes alongside growing concerns about the misuse of AI-powered chatbots, such as Character AI, where users are creating celebrity impersonations-including actors Timothy Chalamet, singer Chapel roan, and NFL quarterback Patrick Mahomes-and engaging in inappropriate conversations, including sexual advances, discussions of self-harm, and drug use. These chatbots, which have seen over 940,000 interactions with the impersonated celebrities, are reportedly created without the consent of the individuals they represent.
Experts warn that even links appearing in replies from verified X accounts cannot be guaranteed safe.The Washington Post recently reported on the structural flaws of these chatbots, noting they are “designed to maximize the good mood by inducing a kind of dopamine eruption,” perhaps increasing vulnerability to malicious links.
