Attackers Abuse Grok To Spread Phishing Links
KnowBe4, Wednesday, October 22nd, 2025
Threat actors are abusing X's generative AI bot Grok to spread phishing links, according to researchers at ESET. The attackers achieve this by tricking Grok into thinking it's answering a question, so that it provides the link in its answer.
'In this attack campaign, threat actors circumvent X's ban on links in promoted posts (designed to fight malvertising) by running video card posts featuring clickbait videos,' ESET says.
'They are able to embed their malicious link in the small "from" field below the video. But here's where the interesting bit comes in: The malicious actors then ask X's built-in GenAI bot Grok where the video is from. Grok reads the post, spots the tiny link, and amplifies it in its answer.'