Beware! Fake ChatGPT Windows & Android Apps Deliver Dangerous Malware

Cybersecurity analysts at Cyble Research and Intelligence Labs (CRIL) reported that Cybercriminals are taking advantage of the widespread use of the ChatGPT chatbot created by OpenAI to disseminate malicious software designed for both Windows and Android operating systems. 

Additionally, these malicious actors are luring unsuspecting individuals to visit fraudulent websites, known as phishing pages, through the use of this chatbot.

Launched in November 2022, ChatGPT quickly skyrocketed to unprecedented levels of popularity, in history making it the fastest-growing consumer application. In just two short months, by January 2023, the chatbot had already amassed an incredible 100 million users.

The astounding popularity and explosive growth of ChatGPT have placed a significant strain on OpenAI’s resources, prompting the organization to implement usage limitations to ensure stable performance. 

As a result, the company has launched a premium subscription service, ChatGPT Plus, which offers unrestricted access to the chatbot for a monthly fee of $20.

Luring Users

OpenAI’s decision to introduce a paid subscription service for ChatGPT has inadvertently created an opportunity for malicious actors to exploit the chatbot’s widespread popularity. 

In some instances, these threat actors have attempted to deceive users by falsely claiming to provide unrestricted access to the premium ChatGPT service, free of charge. This tactic preys on unsuspecting individuals who may be seeking ways to bypass the new usage restrictions imposed by OpenAI.

It is important to note that any offers claiming to provide unrestricted access to the premium ChatGPT service without a legitimate subscription are fraudulent and should be approached with caution. 

These deceptive tactics are often employed by malicious actors with the goal of luring unsuspecting users into installing malware or divulging sensitive account credentials.

Cyble recently detected an unofficial social media page dedicated to ChatGPT has recently gained a significant following and likes. 

The page in question features a range of posts related to ChatGPT and other OpenAI tools, but it is important to note that this page is not an official source of information or updates from OpenAI.

In an attempt to build credibility, the page appears to be mixing different types of content on its page, such as videos and other posts that are not related to the page.

Upon closer examination, it has been discovered that certain posts on the unofficial ChatGPT social media page contain links that lead unsuspecting users to phishing pages impersonating ChatGPT.

These pages are designed to deceive users into downloading malicious files and divulging sensitive information. The linked website on the post is a fake domain, designed to appear as ChatGPT’s official site, but actually, it is a typosquatting site.

Typosquatting is a tactic employed by malicious actors to trick users into visiting fake websites that closely resemble legitimate ones, often by utilizing slight variations in the domain name or web address. 

Consequently, users may think that they are accessing the official ChatGPT website, causing them to be misled and induced into trying out the PC version of ChatGPT.

The page also includes a post on Jukebox, a music and audio creation tool that is based on AI and was created by OpenAI.

Fake ChatGPT Apps for Windows & Android

The fraudulent website displays a deceptive “DOWNLOAD FOR WINDOWS” button, which upon clicking, triggers the download of malicious files that can put users’ devices at risk.

Upon clicking the deceptive “DOWNLOAD FOR WINDOWS” button, from the below-mentioned URL users are directed to an automatic download of a compressed file called “ChatGPT-OpenAI-Pro-Full-134676745403.gz”:-

• hxxps://rebrand.ly/qaltfnuOpenAI

The compressed file in question contains a hazardous program referred to as “ChatGPT-OpenAI-Pro-Full-134676745403.exe”. This program is categorized as a “stealer malware” due to its ability to covertly gather sensitive data from a system.

After conducting an extensive investigation, CRIL has uncovered more than 50 counterfeit and malevolent applications that exploit the ChatGPT logo to execute malicious activities. These apps have been designed to deceive users into thinking they are legitimate, but they are, in fact, harmful to your device.

Some of these apps are classified as potentially unwanted programs, which are a type of malware belonging to different malware families:-

• Adware
• Spyware
• Billing fraud

Cyble highlighted two examples that are worth mentioning:-

• chatGPT1: SMS Fraud Android malware impersonating ChatGPT
• AI Photo: Spynote Malware Masquerading as ChatGPT

At present, ChatGPT is a web-based platform that is solely accessible via the official website. As of now, there are no ChatGPT mobile or desktop applications available for any operating systems.

Recommendations

Here below we have mentioned all the recommendations offered by the experts:-

• Make sure you do not download files from unknown websites.
• Ensure that your connected devices are protected by anti-virus and internet security software packages.
• You should not open emails or links that are untrusted without verifying their authenticity first.
• Make sure employees are aware of the dangers of phishing and untrusted URLs so they can protect themselves against these threats.
• To block data exfiltration by malware or Trojans, you need to monitor the beacon on the network level.
• Ensure that the employees’ systems are equipped with DLP Solutions.
• Ensure that only official app stores are used to download and install the software.
• Passwords should be strong and a multi-factor authentication system should be implemented.
• Make sure that biometric security features are enabled.
• In order for Android devices to be protected by Google Play Protect, you must enable it.
• Keep your operating system, your devices, and your applications up-to-date.

Network Security Checklist – Download Free E-Book