{"id":61657,"date":"2025-09-05T13:27:09","date_gmt":"2025-09-05T10:27:09","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=61657"},"modified":"2025-09-05T13:30:14","modified_gmt":"2025-09-05T10:30:14","slug":"exploiting-grok-chatbot-used-to-spread-scam-links","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/exploiting-grok-chatbot-used-to-spread-scam-links\/","title":{"rendered":"Exploiting Grok: Chatbot Used to Spread Scam Links"},"content":{"rendered":"<p>Malefactors have found a way to exploit Grok for posting prohibited links on X, as reported by Guardio Labs researcher Nati Tal.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Malvertisers run \u201cvideo card\u201d promoted posts with mostly sketchy \u201cadult\u201d content baits (how these even pass X&#8217;s review is a mystery!)<\/p>\n<p>The malicious link is hidden in the tiny &#8220;\ud835\udc05\ud835\udc2b\ud835\udc28\ud835\udc26:&#8221; field below the video player. There is no malicious link scanning whatsoever on X! Yet, it\u2026 <a href=\"https:\/\/t.co\/lxAo2uomXO\">pic.twitter.com\/lxAo2uomXO<\/a><\/p>\n<p>\u2014 Nati Tal (@bananahacks) <a href=\"https:\/\/twitter.com\/bananahacks\/status\/1963184355196494011?ref_src=twsrc%5Etfw\">September 3, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Tal has termed this type of attack Grokking and has informed the administrators of X about the issue.<\/p>\n<p>Fraudsters often launch dubious video ads with adult content as bait. 
However, if a link is inserted into the main block of such a message, X will block the publication.<\/p>\n<p>Instead, the malefactors have learned to hide the link in the small &#8220;From:&#8221; metadata field beneath the video card, which apparently is not scanned by the social network.<\/p>\n<p>They then respond to the ad, asking Grok something like, &#8220;where is this video from&#8221; or &#8220;what is the link to this clip.&#8221;<\/p>\n<p>The chatbot parses the hidden &#8220;From:&#8221; field and replies with the full malicious address in a clickable format.<\/p>\n<p>Posts from Grok garner increased trust, boosting the reach and reputation of the post. In some cases, the ad is seen by millions of users.<\/p>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"594\" src=\"https:\/\/forklog.com\/wp-content\/uploads\/Snimok-ekrana-2025-09-05-v-13.25.10-1024x594.png\" alt=\"Screenshot 2025-09-05 at 13.25.10\" class=\"wp-image-265146\" srcset=\"https:\/\/forklog.com\/wp-content\/uploads\/Snimok-ekrana-2025-09-05-v-13.25.10-1024x594.png 1024w, https:\/\/forklog.com\/wp-content\/uploads\/Snimok-ekrana-2025-09-05-v-13.25.10-300x174.png 300w, https:\/\/forklog.com\/wp-content\/uploads\/Snimok-ekrana-2025-09-05-v-13.25.10-768x445.png 768w, https:\/\/forklog.com\/wp-content\/uploads\/Snimok-ekrana-2025-09-05-v-13.25.10-1536x890.png 1536w, https:\/\/forklog.com\/wp-content\/uploads\/Snimok-ekrana-2025-09-05-v-13.25.10-2048x1187.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Source: Tal.<\/figcaption><\/figure>\n<p>The researcher found that many such links lead to data-stealing malware, fake CAPTCHA tests, and other dubious resources.<\/p>\n<p>Previously, the AI startup xAI <a href=\"https:\/\/forklog.com\/en\/news\/xais-grok-chatbot-conversations-exposed-on-google\">published<\/a> 
hundreds of thousands of dialogues between users and the Grok chatbot on Google and other search engines. In many cases, confidential information was disclosed without permission.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Malefactors have found a way to exploit Grok for posting prohibited links on X.<\/p>\n","protected":false},"author":1,"featured_media":61658,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"Malefactors exploit Grok for posting prohibited links on X.","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[438,1201,1493],"class_list":["post-61657","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-artificial-intelligence","tag-chatbots","tag-explainable-ai"],"aioseo_notices":[],"amp_enabled":true,"views":"312","promo_type":"1","layout_type":"1","short_excerpt":"Malefactors exploit Grok for posting prohibited links on 
X.","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/61657","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=61657"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/61657\/revisions"}],"predecessor-version":[{"id":61659,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/61657\/revisions\/61659"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/61658"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=61657"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=61657"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=61657"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}