Identifying Grokking on X: Tips to Avoid Becoming a Victim

Whether you’re a supporter or detractor of Grok AI on X (formerly Twitter), it’s important to be aware that this technology has recently been co-opted for malicious activities targeting unsuspecting users. Before engaging further, equip yourself with the knowledge to identify the emerging cybersecurity risk known as Grokking.

Understanding Grokking

Though the term might seem unfamiliar, it’s the designated name for a novel exploit aimed at circumventing the malvertising defenses implemented by X. Typically, X is proficient at blocking most hazardous advertisements; however, Grokking cleverly employs the platform’s own AI, Grok, to facilitate cybercriminal efforts.

Malicious advertisers craft promoted content that ostensibly adheres to X’s advertising guidelines by including videos rather than direct links. While legitimate links require approval, Grokking exploits a loophole by embedding harmful URLs in the “From”field of video ads—an aspect that X does not monitor.

When users inquire about video origins, they receive a clickable link instead of the expected user account information. Given the inherent trust users place in Grok, they often click without hesitation, leading them to compromised sites filled with scams and malware.

These deceptive ads garner millions of views due to their promotional status and the deceptive trust added by Grok’s recommendations, creating an ongoing threat as new perpetrator accounts surface following the suspension of others.

Identifying Grokking Attempts

Many malvertising video ads now feature explicit adult content to lure users in. While not every adult-themed ad is harmful, exercising caution is paramount before interacting with such posts.

Expert Nati Tal has illustrated this exploit in a thread on X. For a better understanding, view the accompanying image.

One significant indicator to watch for is whether Grok’s answer includes a link. Ideally, you should receive information about a user account or brand instead. If a follow-up inquiry about purchasing a product elicits a link to a brand’s homepage, it could be an indication of Grokking.

Steering Clear of Promoted Ads

The silver lining is that mere exposure to these ads does not compromise your security; clicking a link is necessary for malware to infect your device or steal your data.

To minimize risks, the simplest strategy is to bypass ads entirely. While legitimate businesses may not favor this approach, scrolling past these promotions can significantly reduce the chance of encountering malicious content.

Avoid Offers That Seem Too Good to Be True

Grokking ads often exploit the desire for adult content without requiring ID verification, which many regions mandate due to age laws. For users wishing to maintain anonymity, these ads appear appealing, but they often lead to dangerous sites that host phishing scams and other malicious software.

Furthermore, promotions that appear overly enticing—whether related to adult content or otherwise—should raise red flags. If something seems too good to be true, it likely is.

Examine Links in Grok’s Responses

Should you find yourself intrigued by an advertisement, scrutinize Grok’s answer. If there haven’t been any prior inquiries about the video’s source, question your own access to Grok.

When it comes to links, refrain from clicking them, even if they seem to lead to a trustworthy brand. Instead, search for the brand name through your preferred search engine to find the authentic site.

It’s also essential to remember that hackers continue to exploit vulnerabilities in AI frameworks, making vigilance crucial. Always look beyond the top search results for safety.

Utilizing VirusTotal for Link Safety

While no method is infallible, using VirusTotal can help assess whether a link may pose a risk. If the service flags a link as suspicious, it’s best to avoid it.

VirusTotal offers a free service for entering links or files to receive security analysis results from multiple sources. I personally have averted numerous risks by consulting VirusTotal before clicking, making it one of my go-to resources for online safety.

Accessing X Without Advertisements

For X Premium+ subscribers, the experience includes significantly fewer prompts and virtually no ads, effectively shielding you from Grokking exploits. However, the $40/month subscription may not be feasible for all users.

Although ad-blocker extensions can be employed on the web, they don’t extend to mobile versions. As a workaround, consider saving X as a mobile site, allowing you to access it similarly to the app while bypassing ads. While some promoted content might slip through, this method typically minimizes exposure to malicious ads.

Regardless of your preference for the traditional X experience, you don’t have to fall victim to this new strain of cyber threats. By consciously avoiding ads and investigating links before clicking, you can protect yourself from Grokking.

Source & Images