US government website has been hijacked with AI generated spamNPR, Stanford, and other sites were also taken overThe spam seems to be explicit but non-maliciousSeveral web domains have been hijacked to show explicit and AI-generated content in a spam campaign that targeted US Government sites and other domains.
A domain belonging to the US Department of Health and Human Services (HHS) advising on vaccines was defaced to show thousands of AI-generated articles, primarily containing incorrect or incomplete information about popular search topics like video game round-ups or restaurant recommendations.
Websites linked to radio station NPR and Stanford University were also hit, as was a page advertising events linked to (but not owned by) chip giant Nvidia.
WowLazy spam campaignItās not clear who hijacked the site or the purpose behind it, since the AI slop doesnāt seem to have a consistent theme or angle, and links in the pages directing to a ānonsense SEO spam pageā stocks.wowlazy[.]com.
Much of the content appears to have been apparently explicit, but much was also āentirely mundaneā ā the spam campaign was discovered thanks to a technologist who was searching for ābest Portland cat cafesā on DuckDuckGo and was directed to the site and a spam page about cat cafes.
This isnāt the first time that cybercriminals have hijacked websites in order to post their own content, but usually this contains some type of malware of infostealer to gain profit from the spam campaigns ā but as far as we can see, that wasnāt the case on this occasion.
SEO seems to be a tool that cybercriminals are taking advantage of in order to deliver malware (or not) to a wider audience. To mitigate the risk from this type of attack, users should disable push notifications from sites they donāt know/trust, and be very cautious with unfamiliar links.
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
TechRadar Pro did reach out to the CDC, NPR, and Stanford for comment but havenāt yet received a response. Nvidia told us the affected webpage was not affiliate to the company.
Via 404media
You might also likeTake a look at our picks for the best malware removal software aroundCheck out our choice for AI toolsCybercriminals are using SEO to get popular fake AI tools loaded with malware to rank high on Google
