Grok Users: Beware of Malicious Links You Click

Summary
– Hackers are using X’s chatbot Grok to promote malicious adult websites and inject malware through a method called “Grokking.”
– Cybercriminals place video ads with adult content on X and embed malicious links in the metadata to bypass security monitoring.
– Grok responds to comments by providing functional links to these harmful sites, which also boosts their SEO rankings when indexed.
– Users can protect themselves by scanning all fields and enabling hidden link blocking on X to check links against blocklists.
– X has not officially commented on the issue, though engineers have unofficially acknowledged the problem to researchers.
Grok users face a new cybersecurity threat as hackers exploit the platform’s chatbot to distribute malware through deceptive adult content links. Security researchers warn that malicious actors are leveraging X’s in-house AI, Grok, to promote harmful websites in a technique now being called “Grokking.” This method involves cybercriminals posting video ads containing adult material to attract attention, then embedding dangerous links within the video’s metadata fields to avoid detection by X’s security systems.
Once the ad is live, hackers post comments asking about the video’s source. Grok responds by providing a clickable link that directs users to malware-infected sites. Beyond the immediate risk of infection, this tactic also artificially inflates the malicious sites’ search engine rankings, since Grok’s responses are publicly indexed by Google.
To guard against these threats, experts recommend enabling hidden link blocking on X and carefully inspecting all fields, including metadata, before interacting with content. While X’s engineers have informally acknowledged the issue, the platform has not yet released an official statement or implemented a broad solution.
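The check described above, sketched as an added example (not code from the article, the researchers, or X): it walks every string field of a post record, metadata included, pulls out anything that looks like a link, and compares the host and its parent domains against a blocklist. The record layout, the field names, and the blocklist entry are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed blocklist; a real one would come from a threat-intel feed.
BLOCKLIST = {"malicious.example"}

# Matches links with or without a scheme, since hidden fields often hold bare hosts.
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s\"'<>]*)?", re.I)

def iter_fields(obj, path=""):
    """Yield (path, text) for every string value in a nested dict/list."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield from iter_fields(value, f"{path}.{key}" if path else str(key))
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            yield from iter_fields(value, f"{path}[{i}]")
    elif isinstance(obj, str):
        yield path, obj

def host_of(candidate):
    """Return the lower-cased hostname of a link, adding a scheme if missing."""
    if "://" not in candidate:
        candidate = "http://" + candidate
    return (urlsplit(candidate).hostname or "").rstrip(".")

def is_blocked(host, blocklist):
    """True if the host or any parent domain is on the blocklist."""
    parts = host.split(".")
    return any(".".join(parts[i:]) in blocklist for i in range(len(parts)))

def scan_post(post, blocklist=BLOCKLIST):
    """Return (field path, host) for every blocklisted link in any field."""
    findings = []
    for path, text in iter_fields(post):
        for match in URL_RE.finditer(text):
            host = host_of(match.group(0))
            if is_blocked(host, blocklist):
                findings.append((path, host))
    return findings

# Constructed sample: the visible text is clean, the link sits in video metadata.
SAMPLE_POST = {
    "text": "Watch the full clip",
    "links": [],
    "media": {"type": "video",
              "metadata": {"from": "cdn.malicious.example/v?id=1", "title": "clip"}},
}

if __name__ == "__main__":
    for path, host in scan_post(SAMPLE_POST):
        print(f"blocked host {host} found in field {path}")
```

A scanner that inspects only the visible text and the declared link list would pass this sample; the finding comes from the nested metadata field.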
This incident is part of a broader pattern of security challenges on the platform. High-profile accounts have previously been compromised to promote cryptocurrency scams, and federal agencies have identified thousands of bots spreading disinformation. For users, the best defense remains vigilance: think twice before clicking, and assume that not everything, or everyone, online is what it seems.
(Source: PC Mag)