Google's AI Search Caught Pushing Users to Download Malware

That’s not good!

Google’s AI-integrated Search feature is leading platform users straight to malware-laden spam sites.

Per BleepingComputer, the issue was first caught by search engine optimization (SEO) expert Lily Ray, who took to X-formerly-Twitter last week to show that Google’s AI-powered Search Generative Experience (SGE) — which churns up web content and regurgitates it into paraphrased snippets — had returned numerous spam pages in response to the query “pitbull puppy for sale craigslist.”

“OH GOOD,” Ray tweeted, along with a screenshot. “SGE WILL EVEN RECOMMEND THE SPAM SITES AS PART OF THE ANSWER.”

That SGE isn’t yet able to reliably distinguish useful search results from full-on SEO spam, especially considering Google’s recent and wide-ranging spam crackdown, is issue enough on its own. Unfortunately for Google, though, this particular SGE error only got worse from there.

When the folks at BleepingComputer visited the AI-recommended spam sites themselves, they were met with a barrage of scammy fake captcha and YouTube pages designed to trick visitors into subscribing to spammy browser notifications that flood their computers with unwanted advertisements — some of which sought personal information from users — and even browser extensions that hijack search queries.

In other words, Google’s SGE led BleepingComputer directly to fraudulent malware.

Fresh Paint

Google, for its part, told BleepingComputer that it continues “to update our advanced spam-fighting systems to keep spam out of Search, and we utilize these anti-spam protections to safeguard SGE.” A spokesperson for the company added that Google has “taken action under our policies to remove the examples shared, which were showing up for uncommon queries.”

To be fair, spam and malware are unfortunate facts of the web, and searchers make the mistake of clicking on sneaky links like this all the time.

But as BleepingComputer points out, the integration of these links into convincingly paraphrased SGE snippets lends an added layer of legitimacy to the harmful content. The spam sites that showed up in Ray and BleepingComputer’s searches each had sketchy-looking URLs that your average searcher might have avoided. When rehashed by SGE, though, the malware-packed links got new coats of paint.

Spam is nothing new. But SGE is — and as this incident reveals, we can likely expect many of today’s search woes to persist in a new, AI-organized search landscape.
