Malware rising due to AI generated fake ads, study finds

Malware is being increasingly embedded into online and social media through fake ads created by AI tools such as ChatGPT, according to a study by Menlo Security.

The research – undertaken by CensusWide involving 1,000 UK consumers from May to June 2023, suggested that these so called ‘malvertising’ attacks can be harder to identify as malicious due to being AI generated.

According to the study, the vast majority (70%) of respondents don’t know they can be infected with malware by clicking on a brand logo, and 40% are also unaware of the risks by clicking on a social media ad.

On average Menlo Security said that one out of 100 online ads are malicious, but warned this could rise as more AI tools and software become available and easy to use.

Almost a third (31%) of all respondents are not confident in their ability to recognise and avoid malvertising threats. This rises to 40% in women and 41% of over-55s.

“AI used maliciously can not only generate convincing text, it can also generate images which can be made to appear like popular brands or logos,” urged Tom McVey, AI security spokesperson at Menlo Security.

“Our research has found that you’re only 3-7 clicks away from malware online. With malware-as-a-service and AI generated text and images easily accessible, even attackers with little or no skills can create convincing ads – we’re expecting a big uptick in malvertising as a result.”

According to Menlo Security, consumer trust varies according to the nature of the site. Facebook and Instagram are seen as more trustworthy, with one in five people trusting these sites not to have malvertising, while Twitter is less so (with only 14% trusting it not to have malvertising).

“Some people may be shocked to learn that even the most credible websites are not immune to malvertising,” added McVey.

To read cyber security experts’ advice on how to prevent an attack from happening to your firm, read TI’s Ransomware Report here.