A Bard’s Tale – how fake AI bots try to install malware

The AI race is on! It’s easy to lose track of the latest developments and possibilities, and yet everyone wants to see firsthand what the hype is about. Heydays for cybercriminals!

Today, while I was browsing through my Facebook feed, I came across an ad by “Google Bard AI”, suggesting to download and try out the latest version of Google’s legitimate AI tool “Bard”.

My first “huh?” moment was that the shortened URL didn’t include any Google reference but rather a link to rebrand.ly – a service with no obvious ties to Google and with offices in Dublin, Ireland. It seemed odd for an internet giant to be using the services of another provider and my suspicion was triggered. I then re-read the text of the advertisement and although I’m not a native English speaker, I found it hard to believe that no one seemed to have proofread that rather confusing content.

Fake ad as shown on Facebook 

Did you say “Bots”?

I then proceeded to check the comments section below the ad in pursuit of hints towards possible fraud, but to my (little) surprise, they all seemed to love “the app”. Referring to just “the app” seemed rather general, while others praised the “AI”, never mentioning Google at all. Some were giving “a 5 Star rating” (sic) – in a comment section?! Somehow, miraculously, it seemed like everyone in the comments had downloaded and tested the app at the same time, only to be writing their comments at exactly the same moment – which in my case was “6 hours ago” – only adding up to my suspicions.

All comments written at the same time? 

Following the trail

I chose to fire up my protected environment to investigate a little further. First, I checked the rebrandly-Link at VirusTotal, which was flagged as malicious by 3/90 vendors. This is a first indicator, but no proof at all, as this may also be a false positive.

So I went for it and opened the link in an anonymous browser window – which turned out to be a perfect idea since the link led to an actual Google site – hxxps://sites.google.com/view/12345328?fbclid=IwAR2V87sG77nklWVC1tLS-R-fjrL_nNNDhjtDorxKHkN56g8oNVV09Edjgwo  

Had I been accessing the site while logged-in to my browser, especially with my Google account in Chrome, the criminals would have potentially gained much more information about me than I’d wanted!

The download page 

While the site is hosted at Google’s cloud infrastructure, the content is, of course, not related nor provided by Google themselves. It also gives away a few more hints that something shady is about to happen, here. First, let’s look at the page title on the browser tab: “Trang chủ” (Vietnamese for “home page”). Additionally, it seems obvious, once again, that the text on the site hasn’t been created by a native or a proficient English speaker. This suggests that the attackers behind this campaign are based in Vietnam, but of course, by no means this is sufficient proof.

The “Download” button then leads to hxxps://drive.google.com/u/0/uc?id=1sn-Lzt-2vJ_i-6I9lkbGgr_-IN2TVcA-&export=download – a personal Google Drive space, trying to create the illusion the campaign was an official offering by Google, though it simply was a cheap mean of distribution for the attackers.

There’s no intelligence, not even artificial

The file downloaded is a RAR archive – GoogleAIUpdata.rar. Scanning it or uploading it to VirusTotal doesn’t lead to anything useful as it is “protected” with a password. One might wonder why if it was a genuine download from Google, you say? Well, this password “protection” acts only as an easy way for the attackers to get past malware scanners – nothing else. If you open the archive (without unpacking it!) with the password “789” as provided on the download page, you’ll see that the archive contains an installer in the MSI (Microsoft Software Installer) format – Google Bard AI setup.msi. Thankfully, unarchiving tools like 7-zip provide the option to create SHA-256 (and other) file hashes, which then can be searched for on VirusTotal, again, without the need to unpack a potentially harmful file.

Looking up the file provides the last proof that this is a malicious campaign. 26/59 vendors flag the file as malicious, with ESET giving away a little more information in the detection name. JS/ExtenBro.Agent.EK is a JavaScript agent which will try to alter your (browser) settings, preventing access to certain security vendor sites to get rid of it after an infection, but mostly it serves as Adware, displaying annoying and unwanted ads on basically any website you try to access and promising the attackers money with each ad displayed on a victim’s machine.


At the time of writing the campaign was still visible in different variations, but I reported it and will most certainly not be the only one doing so. Sadly, it seems that this might be a bigger campaign as I’ve now encountered other examples as “meta AI” or other fake “Google AI” ads. After all, this campaign can be considered a desperate attempt to make a “quick buck” out of the current and ongoing AI hype, spreading ever so annoying Adware to make even more money. By no means this has been a sophisticated campaign whatsoever. But the sad reality is that people will fall for such scams in the hopes of getting their hands on the latest technologies. Another sad truth is that we can’t rely on tech giants such as Facebook and Google to provide 100% clean and safe environments.

I hope this blog post helps a little in spotting the odds and hints and how to investigate a potential scam or malware attack without the need for expensive tools, right from home.