Scammers Are Using Grok to Spread Malicious Links on X
Summary
Bad actors on X (formerly Twitter) have discovered a technique labelled “grokking” to bypass X’s ban on links in promoted posts. Scammers place malicious URLs in the small “From” caption of video cards, then prompt X’s AI assistant Grok via comments (for example: “@grok Where is this video from?”) so Grok fetches and republishes the link in a clickable form. That repost by Grok exposes the link to potentially hundreds of thousands or millions of users and improves the link’s apparent credibility in search engines because it appears on X.
Researchers from Guardio Labs and others have found hundreds of examples in a few days. The technique leverages weaknesses in X’s content scanning and Grok’s guardrails, and it amplifies malicious infrastructure such as phishing, scam redirects and malware distribution through promoted posts.
Key Points
- “Grokking” uses Grok to extract and repost links hidden in the “From” field of promoted video cards on X.
- Promoted posts on X forbid links in the visible body, but hidden fields and AI reposting bypass that restriction.
- The method can reach large audiences because promoted videos get wide distribution and Grok’s reposts are clickable.
- Basic link scanning across all post fields would likely have stopped the campaign; currently X’s protections are limited and inconsistent.
- Security testing shows Grok’s guardrails are weaker than many commercial competitors, making it vulnerable to prompt-injection-style tricks.
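The fourth point above is the defensive one worth making concrete: a scanner that only looks at a post's visible body misses a URL planted in a card caption, while a scanner that walks every string field catches it. The following is an added example written for this summary, not code from the article, Guardio Labs or X; the post layout (`text`, `card.from_caption`, `replies`) and the "promoted posts carry no links anywhere" policy are assumptions, and the sample post is constructed.

```python
import re
from typing import Any, Iterator

# Matches scheme-bearing URLs and bare domains with an optional path.
# Constructed regex for illustration; a production scanner would use a URL parser.
URL_RE = re.compile(
    r'(?:https?://[^\s"<>]+'                                 # http(s)://... up to whitespace/quote
    r"|\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b(?:/[^\s\"<>]*)?)",    # bare domain, e.g. site.example/path
    re.IGNORECASE,
)

# Fields X renders as the visible body of a post (assumed field name).
VISIBLE_FIELDS = {"text"}


def walk_strings(obj: Any, path: str = "") -> Iterator[tuple[str, str]]:
    """Yield (json_path, value) for every string anywhere in a nested post object,
    so card captions, titles and other metadata are scanned, not just the body."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield from walk_strings(value, f"{path}.{key}" if path else key)
    elif isinstance(obj, list):
        for index, value in enumerate(obj):
            yield from walk_strings(value, f"{path}[{index}]")
    elif isinstance(obj, str):
        yield path, obj


def extract_links(post: dict) -> list[tuple[str, str]]:
    """Return (field_path, url) for every URL-looking token in any field of the post."""
    found = []
    for path, text in walk_strings(post):
        for match in URL_RE.finditer(text):
            found.append((path, match.group(0).rstrip(".,)")))
    return found


def hidden_links(post: dict) -> list[tuple[str, str]]:
    """Links outside the visible body: exactly what a body-only scanner would miss."""
    return [(path, url) for path, url in extract_links(post)
            if path.split(".")[0] not in VISIBLE_FIELDS]


def should_block_promoted(post: dict) -> bool:
    """Policy check (assumed): a promoted post may not carry a link in any field."""
    return bool(post.get("promoted")) and bool(extract_links(post))


# Constructed sample: the body is clean, the "From" caption of the video card is not,
# and a reply already asks Grok to surface the caption.
SAMPLE_POST = {
    "id": "0000000000",
    "promoted": True,
    "text": "Watch till the end",
    "card": {
        "type": "video",
        "from_caption": "video from http://malicious-site.example/free-prize",
        "title": "Unbelievable",
    },
    "replies": [
        {"author": "someone", "text": "@grok where is this video from?"},
    ],
}

if __name__ == "__main__":
    for path, url in hidden_links(SAMPLE_POST):
        print(f"hidden link in {path}: {url}")
    print("block promoted post:", should_block_promoted(SAMPLE_POST))
```

Running it reports the caption link under `card.from_caption` and returns a block decision for the promoted post; the same post passes a scanner that only inspects `text`, which is the gap the technique exploits.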
Why should I read this?
Short and blunt: if you use X, manage social media, or defend networks, this is the kind of clever dodge that turns a tiny loophole into mass exposure for scams. It’s quick to set up and scales. Knowing how it works helps you spot the signs and adjust monitoring or ad policies before you — or your users — get burned.
Author’s take (punchy)
This is not just another skirmish in the arms race between platforms and scammers — it’s a practical reminder that AI features need security baked in, not bolted on. Read the details if you care about platform hygiene or incident prevention; otherwise, at least tighten link scanning and warn users.
Source
Source: https://www.darkreading.com/threat-intelligence/scammers-grok-malicious-links-x