Threat actors are using the popularity of OpenAI’s ChatGPT chatbot to spread malware for Windows and Android and lure unwary users to phishing websites. ChatGPT has grown tremendously since its November 2022 introduction and has amassed more than 100 million users by January 2023. It has become the consumer application with the fastest growth rate in modern history.
A $20/month subscription tier (ChatGPT Plus) was introduced for users who want to use the chatbot with no availability limits due to the tool’s extreme popularity and quick expansion. The action led Threat actors to take advantage of the tool’s popularity by offering constant, cost-free access to premium ChatGPT. However, the offers are fictitious, and the intention is to trick customers into downloading malware or handing over their login information.
One such instance, disguised as a download for a ChatGPT Windows desktop client, was one of the first to be identified by security researcher Dominic Alvieri. It used the domain “chat-gpt-pc.online” to infect users with the Redline information-stealing malware. A Facebook page used to advertise that website misled viewers into visiting the rogue site by using the legitimate ChatGPT logos.
Alvieri also discovered that fake ChatGPT apps were being advertised on Google Play and other Android app stores in an effort to trick users into installing questionable software. Researchers at Cyble also released a relevant study that presented new information on the malware distribution campaign identified by Alvieri and other criminal activities taking advantage of ChatGPT’s popularity.
“Chatgpt-go.online,” which disseminates malware that collects items from the clipboard and the Aurora stealer, was found by Cyble. In Cyble’s testing, “chat-gpt-pc[.]online” also provided the Lumma stealer. The “openai-pc-pro[.]online” domain distributes an unidentified malware family. Cyble further found a credit card-stealing website at “pay.chatgptftw.com” that purportedly directs users to a payment page for ChatGPT Plus.
In terms of counterfeit apps, Cyble claims to have found over 50 that are dangerous and seek to harm users’ devices while using the ChatGPT symbol and a similar name. The study cites “chatGPT1,” an SMS billing fraud app, and “AI Photo,” which has the Spynote malware and can take data, call logs, contact lists, and SMS from the target device.
Currently, no desktop or mobile apps are available for any operating systems for ChatGPT, which is solely an online tool accessible at “chat.openai.com.” Any other programs or websites that mimic ChatGPT are fakes that seek to defraud people or infect computers with malware, so users should avoid them at the very least.