X Grokking malvertising campaign
Campaign
Summary
Hide ▲
Show ▼
Cybercriminals are running a coordinated X malvertising campaign that abuses Grok to surface hidden malicious links and push them into millions of feeds. The operation uses hundreds of accounts and repeated promoted posts to evade ad restrictions and amplify deceptive traffic at scale. Users are being funneled toward fake CAPTCHA scams, information-stealing malware, and other harmful content through linked ad networks and smartlinks.
Related Happenings
AccountDumpling Google AppSheet Facebook phishing campaign
Campaign
First: 01.05.2026 21:09
Last: 01.05.2026 21:09
Sources 1
About this happening:
A **Vietnamese-linked** operation dubbed **AccountDumpling** is using **Google AppSheet** as a phishing relay to steal **Facebook** credentials, enabling account takeover at scale...
AccountDumpling Google AppSheet Facebook phishing campaign
CampaignAbout this happening: A **Vietnamese-linked** operation dubbed **AccountDumpling** is using **Google AppSheet** as a phishing relay to steal **Facebook** credentials, enabling account takeover at scale...
DeceptionAds ClickFix social-engineering campaign
Campaign
First: 25.09.2025 20:22
Last: 25.09.2025 20:22
Sources 1
About this happening:
The **DeceptionAds** operation used **Vane Viper's malicious ad network** to deliver **ClickFix-style social engineering**, expanding deceptive user reach through malvertising inf...
DeceptionAds ClickFix social-engineering campaign
CampaignAbout this happening: The **DeceptionAds** operation used **Vane Viper's malicious ad network** to deliver **ClickFix-style social engineering**, expanding deceptive user reach through malvertising inf...
X Grok malicious-link bypass campaign
Campaign
First: 04.09.2025 01:01
Last: 04.09.2025 01:01
Sources 1
About this happening:
**Campaign** activity on **X** is abusing **Grok** to turn hidden URLs in video-card **"From:" metadata** into clickable links, a bypass Guardio Labs dubbed **"grokking"**. The op...
X Grok malicious-link bypass campaign
CampaignAbout this happening: **Campaign** activity on **X** is abusing **Grok** to turn hidden URLs in video-card **"From:" metadata** into clickable links, a bypass Guardio Labs dubbed **"grokking"**. The op...
Lovable services phishing and malware-distribution campaign
Campaign
First: 20.08.2025 16:01
Last: 20.08.2025 16:01
Sources 1
About this happening:
The abuse of **Lovable services** has fueled **numerous campaigns** that distribute **MFA phishing kits**, **malware loaders**, and scam sites, raising the risk of **credential th...
Lovable services phishing and malware-distribution campaign
CampaignAbout this happening: The abuse of **Lovable services** has fueled **numerous campaigns** that distribute **MFA phishing kits**, **malware loaders**, and scam sites, raising the risk of **credential th...
Timeline
-
04.09.2025 13:21 2 articles · 8mo ago
Grokking bypass uses X replies to surface hidden malicious links
Initial DisclosureCybersecurity researchers describe Grokking, a malvertising technique on X that hides a malicious URL in video post metadata and then tags Grok in replies so the AI assistant displays the link, amplifying it across millions of impressions and pushing users toward sketchy ad networks, fake CAPTCHA scams, and information-stealing malware.
Show sources
- Cybercriminals Exploit X’s Grok AI to Bypass Ad Protections and Spread Malware to Millions — thehackernews.com — 04.09.2025 13:21
- Cybercriminals Exploit X’s Grok AI to Bypass Ad Protections and Spread Malware to Millions — thehackernews.com — 04.09.2025 13:21