Researchers have discovered that criminals are now working around X’s efforts to curb malicious advertisements, turning to the platform’s own artificial intelligence chatbot, Grok, to amplify dangerous links.
This method, which researchers dubbed Grokking, came to light through the work of Nati Tal, the head of Guardio Labs.
In this scheme, bad actors publish video promotions full of adult content to draw attention, tucking a harmful link into the metadata beneath the video where X’s filters miss it.
Next, fraudsters mention Grok in their replies, usually with questions like “where is this video from,” which prompts the bot to surface the hidden link right out in the open.
With Grok blindly echoing the link to a vast audience, the malicious content quickly spreads far and wide, escaping the usual blocks.
Unwanted Links, Massive Reach
Tal emphasized the scale at play, explaining how links banned outright from advertisements can “suddenly appear in a post by the system trusted Grok account, sitting under a viral promoted thread and spreading straight into millions of feeds and search results.”
The trap is set for anyone who follows the link, as these destinations almost always lead to a web of fake CAPTCHA pop-ups, malware designed to steal personal data, and even more shadowy digital threats.
Guardio identified the domains involved as part of a Traffic Distribution System, a network notorious in cyber circles for routing unsuspecting users to dangerous and deceptive content under the guise of typical ads.
Investigators at Guardio have watched hundreds of accounts employ this method, each pumping out large numbers of posts in rapid succession, only stopping when the accounts get suspended by the platform.
“They seem to be posting nonstop for several days until the account gets suspended for violating platform policies,” a Guardio spokesperson explained.
Such persistence has all the hallmarks of a well-organized and coordinated operation rather than a scattering of isolated attacks.
The evolving use of artificial intelligence in these schemes not only bypasses platform protections but also raises new concerns about the ways that trusted digital assistants can be manipulated by those looking to exploit their reach.
