Cybercriminals distribute fake ChatGPT apps online to push malware

Cybercriminals are exploiting the popularity of OpenAl"s ChatGPT tool to steal users’ sensitive
information through phishing links or distribute malware for Android and Windows.

For those not in the know, ChatGPT is an Al-powered conversational chatbot launched back in November 2022. ChatGPT can answer questions and assist with tasks like generating content and writing code. It has since become wildly popular, with an analyst claiming that it gained more than 100 million users last month.

It can be easy to fall for phishing links like the one above.| via Cyble

One of the ways threat actors are taking advantage of ChatGPT is by launching fraudulent tools promising uninterrupted access to the chatbot. For instance, threat intelligence provider Cyble recently discovered an unofficial ChatGPT Facebook page (shown above) with a substantial following and likes, and a healthy number of posts. Some of the posts, however, contain fake ChatGPT links that will open a phishing page with a "Download for Windows" button. Clicking this, however, will only deploy information-stealing malware to the victim"s PC.

Cyble also discovered a fraudulent page offering visitors access to ChatGPT Plus, a premium version of the popular Al chatbot. Any details that a user provides on this page will be sent to the threat actors who will use them for identity and financial fraud.

Notice the fake URL in the address bar. | via Cyble

Android users aren"t immune from such attacks either, as Cyble has detected more than 50 fraudulent apps that advertise ChatGPT. The apps belong to various malware families, such as potentially unwanted programs, adware, spyware, and billing fraud, among others. One app, going by the name of "ChatGPT," bears the icon of the tool but has no AI functionality. Instead, it only subscribes the victim to premium services without their consent. Another app steals sensitive data such as call logs, contacts, text messages, and media files.

Remember: ChatGPT does not have any app for Windows or Android (or any other platform), as it can only be accessed by heading to chat.openai.com through a web browser. Any program that claims to be ChatGPT is fake.

Protect your devices from malware by always keeping your security programs updated. Avoid downloading programs from suspicious websites as well. Finally, do not open links or files from unsolicited emails, as they may be malicious.

Source: Cyble

Report a problem with article
Next Article

AMD's 23.2.1 Windows 10 & 11 driver is no threat to Nvidia's ray tracing crown anytime soon

Previous Article

Google and Microsoft's chatbots likely cost as much as 10 times a normal search to operate