Have you noticed how malicious links are now being “𝐆𝐫𝐨𝐤𝐤𝐞𝐝”?

X won’t allow links in promoted posts to fight malvertising. Yet scammers love the challenge and trick X’s AI to amplify the same links that should’ve been blocked!

This is “𝐆𝐫𝐨𝐤𝐤𝐢𝐧𝐠”

Malvertisers run “video card” promoted posts with mostly sketchy “adult” content baits (how these even pass X’s review is a mystery!)

The malicious link is hidden in the tiny “𝐅𝐫𝐨𝐦:” field below the video player. There is no malicious link scanning whatsoever on X! Yet, it is still barely noticeable at this spot. It is not really a good malvertising practice, just yet…

Meanwhile, these posts reach 100k to 5M+ impressions through paid promotion! 💰

Then comes the twist. Scammers turn to 𝐀𝐬𝐤 𝐆𝐫𝐨𝐤!

They ask something like: “𝐖𝐡𝐞𝐫𝐞 𝐢𝐬 𝐭𝐡𝐢𝐬 𝐯𝐢𝐝𝐞𝐨 𝐟𝐫𝐨𝐦?” 😏

Grok reads the promoted post and finds the “From” field, using it in its reply 👉 This time, the malicious link is fully visible, clickable, and impossible to miss. Adding to that, it is now amplified in SEO and domain reputation - after all, it was echoed by Grok on a post with millions of impressions! 🤯

So what happened?

A malicious link that X explicitly prohibits in ads (and should have blocked entirely!) suddenly appears in a post by the system-trusted Grok account, sitting under a viral promoted thread and spreading straight into millions of feeds and search results!

👉 The system meant to enforce restrictions gets bypassed, and the AI itself becomes the amplifier! 🤖

And the links? They lead through shady ad networks, monetizing clicks with “direct links” that are known to push fake CAPTCHA scams, info-stealer malware and other shady grey-area content.

Really, Grok? Don’t you check your links before you “grok” them?

Post on X/Twitter by Nati Tal, Head of Guardio Labs.
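Added example, not part of the original post and not X's or Grok's code: a minimal pre-publication filter of the kind the closing question asks for. It treats every field of a promoted post as advertiser-controlled, defangs any link in an assistant reply unless its host is on a vetted list, and reports hosts echoed from the ad card; the field names, allowlist and sample data are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hypothetical allowlist of hosts the platform has already vetted (constructed).
VETTED_HOSTS = {"help.example.com"}
# Matches links with or without a scheme, as they appear in free text.
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

def host_of(url):
    """Lowercase hostname of a link, tolerating a missing scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()

def untrusted_hosts(ad_card):
    """Hosts found in any field of the promoted post; all are advertiser-controlled."""
    return {host_of(m.group(0).rstrip(".,!?)"))
            for value in ad_card.values()
            for m in URL_RE.finditer(str(value))}

def defang(url):
    """Render a link non-clickable: hxxp scheme and bracketed dots."""
    if url.lower().startswith(("http://", "https://")):
        url = "hxxp" + url[4:]
    return url.replace(".", "[.]")

def filter_reply(reply, ad_card, vetted=VETTED_HOSTS):
    """Defang unvetted links in an assistant reply; list hosts echoed from the ad."""
    tainted = untrusted_hosts(ad_card)
    echoed = []

    def check(match):
        url = match.group(0).rstrip(".,!?)")   # keep sentence punctuation out
        tail = match.group(0)[len(url):]
        host = host_of(url)
        if host in vetted:
            return url + tail
        if host in tainted:
            echoed.append(host)                 # link was copied from ad metadata
        return defang(url) + tail

    return URL_RE.sub(check, reply), echoed

# Constructed sample: a video-card ad with a link in its "from" field, and a
# draft assistant reply that repeats it.
SAMPLE_CARD = {"text": "Watch the full clip", "from": "clips-cdn.example.net/v/123"}
SAMPLE_REPLY = ("The video is from clips-cdn.example.net/v/123. "
                "See https://help.example.com/ads for details.")

if __name__ == "__main__":
    print(filter_reply(SAMPLE_REPLY, SAMPLE_CARD))
```

A non-empty second return value means the draft reply would have republished an advertiser-supplied link, which is the signal to hold the reply or send the host to a reputation check.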