Grok AI logo with a warning symbol representing AI exploitation and malware spread

Researchers have uncovered a new tactic where cybercriminals use X’s AI assistant Grok to evade malvertising restrictions and distribute malicious links. The method, called “Grokking,” involves posting promoted videos with adult content and hiding harmful links in the “From:” metadata field, which X does not scan.

Grok AI logo with a warning symbol representing AI exploitation and malware spreadGrok AI logo with a warning symbol representing AI exploitation and malware spread

Attackers then tag Grok in replies, prompting the AI to display the malicious link publicly. This boosts the link’s visibility through SEO and domain reputation, spreading it to millions of users.

X with a warning symbol representing AI exploitation and malware spreadX with a warning symbol representing AI exploitation and malware spread

The links lead to sketchy ad networks pushing fake CAPTCHA scams, malware, and other harmful content via traffic distribution systems. Hundreds of accounts have been found repeatedly posting these malicious links before being suspended, indicating a coordinated campaign.

NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, Z Plus Security