- US government website has been hijacked with AI generated spam
- NPR, Stanford, and other sites were also taken over
- The spam seems to be explicit but non-malicious
Several web domains have been hijacked to show explicit and AI-generated content in a spam campaign that targeted US Government sites and other domains.
A domain belonging to the US Department of Health and Human Services (HHS) advising on vaccines was defaced to show thousands of AI-generated articles, primarily containing incorrect or incomplete information about popular search topics like video game round-ups or restaurant recommendations.
Websites linked to radio station NPR and Stanford University were also hit, as was a page advertising events linked to (but not owned by) chip giant Nvidia.
WowLazy spam campaign
It’s not clear who hijacked the site or the purpose behind it, since the AI slop doesn’t seem to have a consistent theme or angle, and links in the pages directing to a “nonsense SEO spam page” stocks.wowlazy[.]com.
Much of the content appears to have been apparently explicit, but much was also “entirely mundane” - the spam campaign was discovered thanks to a technologist who was searching for ‘best Portland cat cafes’ on DuckDuckGo and was directed to the site and a spam page about cat cafes.
This isn’t the first time that cybercriminals have hijacked websites in order to post their own content, but usually this contains some type of malware of infostealer to gain profit from the spam campaigns - but as far as we can see, that wasn’t the case on this occasion.
SEO seems to be a tool that cybercriminals are taking advantage of in order to deliver malware (or not) to a wider audience. To mitigate the risk from this type of attack, users should disable push notifications from sites they don’t know/trust, and be very cautious with unfamiliar links.
TechRadar Pro did reach out to the CDC, NPR, and Stanford for comment but haven’t yet received a response. Nvidia told us the affected webpage was not affiliate to the company.
Via 404media
You might also like
- Take a look at our picks for the best malware removal software around
- Check out our choice for AI tools
- Cybercriminals are using SEO to get popular fake AI tools loaded with malware to rank high on Google
