In recent days, social media platform X has shown me a multitude of strangely similar ads featuring the slogan “Harness the full power of AI!” accompanied by images and links. Strangely, none of these ads were posted by an account associated with a business; instead, all are from random personal accounts, some of which have been renamed. There are also multiple problems with the links in the ads, which do not in fact lead to the domains displayed in the link card; instead, they link to an “AI” website whose operators appear to have scraped their contact information from a restaurant in Bakersfield, California.

The “Harness the full power of AI!” X ads I’ve encountered thus far came from eight different accounts, all of which are presently adorned with blue checkmarks. All eight accounts are at least a decade old, with creation dates ranging from 2009 through 2014, and all have relatively low post counts considering their age. All eight have first name/last name combinations as display names, although in several cases these names seem at odds with the accounts’ handles. (Examples: “Jackson Parker”, with the handle @Kiara_Kiana, and “Eren Kall”, with the handle @dannigirl4215.) Based on comparisons with old datasets and Wayback Machine archives, at least three of the accounts have changed their handles and at least five have changed their display names at some point in their history.

The advertisements posted by the accounts appear at first glance to link to one of two domains, teambuilding(dot)com and alliai(dot)com, but when clicked, the links redirect to alli-ai(dot)us, a website that purportedly offers access to various (mostly older) generative AI models. Attempting to use any of the models, however, triggers an unexpected drive-by download, which on my Macbook consisted of a malicious DMG file containing a crude attempt to harvest my local login information.

Interestingly, the “Contact Us” form on the alli-ai(dot)us website lists a California address and phone number, but is prepopulated with a message mentioning Bangladesh. Even more curiously, the same California address and phone number are listed on the official website of a Bakersfield restaurant, Jade Buffet. A brief phone call to the phone number in question confirmed that the restaurant is the only business affiliated with the address and phone number listed on both sites, and the staff member who answered the phone seemed surprised that the restaurant’s contact information was being used by an alleged AI company.

As mentioned earlier, at least some (and possibly all) of the accounts posting the spammy “Harness the full power of AI!” X ads have had their display names and handles changed, a possible sign that the accounts have been hijacked. Additional evidence that the accounts were taken over exists as well; biographies, avatars, and primary posting languages have been changed, and most of the accounts have lengthy gaps between their early activity and recent posts. It is also noteworthy that none of the accounts has significant history of posting about artificial intelligence and related topics, rendering the “Harness the full power of AI!” ads even more anomalous.