Grokking Attack Exploits X’s AI and Ads for Malware Spread

In the ever-evolving landscape of cybersecurity, staying ahead of sophisticated attacks is a constant challenge. Today, we’re speaking with Dominic Jainy, an IT professional with deep expertise in artificial intelligence, machine learning, and blockchain. With his finger on the pulse of emerging tech threats, Dominic offers unique insights into a new cyber-attack known as “Grokking,” which is exploiting features on the social media platform X to spread malicious links. In this interview, we dive into how scammers manipulate platform tools, the role of AI in amplifying these threats, the impact on users and site reputation, and potential solutions to safeguard against such schemes.

How did you first come across the “Grokking” cyber-attack, and what makes it stand out from other scams on social media platforms like X?

I stumbled upon the “Grokking” attack while researching recent trends in malvertising and AI exploitation. What makes this attack particularly unique is how it weaponizes both X’s advertising system and its AI assistant, Grok, to spread malicious links. Unlike typical scams that rely on phishing emails or fake profiles, this one uses promoted posts and a trusted AI tool to bypass security measures. Scammers embed harmful links in obscure parts of a post, and when users ask Grok for more information, the AI unknowingly delivers those links directly to them. It’s a clever double-play that exploits both human curiosity and platform trust.

Can you walk us through how scammers are using X’s features to spread these malicious links on such a large scale?

Absolutely. The scammers are leveraging X’s promoted post system, which allows content to reach massive audiences through paid impressions. They create posts, often with sensational or explicit content, to grab attention. While X prohibits links in the main body of promoted content, these attackers hide malicious domains in the “From:” field under video players—a spot that seems to slip past automated security scans. This loophole lets their posts rack up anywhere from 100,000 to over 5 million views, amplifying the reach of their harmful links exponentially.

What’s your take on why X’s security scans are failing to catch these hidden links in areas like the “From:” field?

I believe it comes down to the focus of X’s current security protocols. Most automated scans are designed to scrutinize the main content of posts—text, images, or obvious URLs—because that’s where threats typically appear. The “From:” field, being a smaller, less prominent metadata area, likely isn’t prioritized for deep scanning. Scammers exploit this blind spot, knowing that the field still displays to users but doesn’t trigger the same level of scrutiny. It’s a reminder that security systems need to adapt to cover every nook and cranny of a platform, especially as attackers get more creative.

How does X’s AI assistant, Grok, get pulled into this attack, and what role does it play in spreading the malicious content?

Grok becomes an unwitting accomplice in this scheme. When users see these mysterious or intriguing promoted posts—often anonymous videos with sensational content—they naturally turn to Grok for answers about the source or context. Grok, in its attempt to be helpful, scans the post for relevant information and pulls the malicious domain from the “From:” field. It then shares this link directly in its response, presenting it as a legitimate answer. This not only delivers the harmful link to curious users but also lends it an air of credibility since it comes from a trusted AI tool.

Why do you think users are so quick to trust links provided by an AI like Grok, and how does this impact their behavior?

Users tend to trust Grok because it’s an official feature of X, designed to assist and provide accurate information. There’s an inherent assumption that anything coming from a platform’s own AI has been vetted or is safe. When Grok shares a link, it feels like a stamp of approval, lowering users’ defenses. This trust can lead them to click on malicious domains without a second thought, exposing them to malware or phishing schemes. It’s a stark example of how our reliance on AI can be exploited if proper safeguards aren’t in place.

What kind of content are scammers using in these promoted posts, and why does it seem to work so well in drawing users in?

The content often revolves around sensational or explicit themes, like provocative “adult” videos or flashy promises related to tech, such as video card giveaways. This type of material works because it taps into basic human curiosity and emotional triggers—people are drawn to things that shock, excite, or promise quick rewards. The anonymity of the posts adds a layer of mystery, making users want to know more, which is exactly why they turn to Grok. With impressions ranging from 100,000 to over 5 million per post, it’s clear this content strategy is incredibly effective at capturing attention on a massive scale.

How does Grok sharing these malicious links affect the broader digital landscape, particularly for the harmful websites involved?

When Grok references these malicious domains, it inadvertently boosts their visibility and perceived legitimacy. This can enhance the reputation of these harmful sites, making them appear more trustworthy to users who encounter them later. Beyond that, there’s a potential SEO benefit—search engines might interpret these references as endorsements or increased traffic, which could improve the sites’ rankings. This creates a vicious cycle where the scam sites gain more exposure and attract even more victims, amplifying the overall threat.

From a user’s perspective, what drives someone to ask Grok about these posts, and how does the AI’s response make the scam more convincing?

Users are often drawn to ask Grok because these posts are deliberately vague or intriguing. A video with no clear source or context sparks curiosity—people want to know who posted it or what it’s about. When Grok responds with a specific link pulled from the post, it feels like a direct, authoritative answer to their question. This precision and the fact that it’s coming from an official tool make the link seem far more legitimate than if it were just embedded in a random comment or message. It’s a subtle but powerful way to lower skepticism.

What steps do you think X could take to prevent attacks like “Grokking” from happening in the future?

X needs to tighten its security across the board, starting with comprehensive scans of all post elements, including overlooked areas like the “From:” field. They should implement stricter checks on metadata in promoted content to catch hidden links before posts go live. Additionally, programming Grok to avoid sharing links extracted from certain fields or unverified sources could stop the AI from amplifying malicious content. Beyond that, real-time monitoring of promoted post impressions and content patterns could help flag suspicious activity early. It’s about closing loopholes and ensuring AI tools don’t become vectors for scams.

Looking ahead, what is your forecast for the evolution of cyber-attacks exploiting AI tools on platforms like X?

I expect cyber-attacks involving AI to become even more sophisticated and widespread. As AI tools like Grok become integral to user experiences on platforms, attackers will keep finding ways to manipulate them—whether by feeding misleading data, exploiting trust, or using AI to generate convincing scam content at scale. We’ll likely see more attacks that blur the line between human and machine interaction, making it harder for users to spot red flags. Platforms will need to invest heavily in AI-specific security measures and user education to stay ahead of these threats, or we risk seeing trust in digital ecosystems erode further.
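The two fixes proposed in the answer on prevention (scan every element of a promoted post, including the “From:” field, and stop the assistant from repeating links taken from post metadata) can be sketched as follows. This is an added example, not part of the interview and not X's or Grok's code; the post dictionary, its field names (`from`, `card_title`) and the sample domains are constructed assumptions.

```python
import re

# Matches explicit URLs and bare domains such as "example.test/path".
LINK_RE = re.compile(
    r"(?:https?://)?(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}(?:/[^\s]*)?",
    re.IGNORECASE,
)

# Hypothetical names for metadata fields the assistant must not quote links from.
UNTRUSTED_FIELDS = {"from", "card_title"}

# Constructed sample: link-free body, domain hidden in the "from" metadata field.
SAMPLE_POST = {
    "promoted": True,
    "body": "You won't believe this video",
    "from": "watch-now.example.test",
}


def host_of(link: str) -> str:
    """Normalise a matched link to its lowercase host name."""
    return re.sub(r"^https?://", "", link, flags=re.IGNORECASE).split("/")[0].lower()


def find_links(post: dict) -> dict:
    """Return {field: [links]} for every string field, not only the body."""
    hits = {}
    for field, value in post.items():
        if isinstance(value, str):
            found = LINK_RE.findall(value)
            if found:
                hits[field] = found
    return hits


def review_promoted_post(post: dict) -> list:
    """Fields of a promoted post that carry a link; non-empty means hold for review."""
    return sorted(find_links(post)) if post.get("promoted") else []


def redact_untrusted_links(answer: str, post: dict) -> str:
    """Remove from an assistant answer any link whose host came from untrusted metadata."""
    untrusted = {
        host_of(link)
        for field, links in find_links(post).items()
        if field in UNTRUSTED_FIELDS
        for link in links
    }

    def repl(match):
        return "[link removed]" if host_of(match.group(0)) in untrusted else match.group(0)

    return LINK_RE.sub(repl, answer)
```

A body-only scan of `SAMPLE_POST` finds nothing, while the field-by-field scan flags `from`; the redaction step keeps unrelated links in the answer intact.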
