Exploiting the popularity of ChatGPT – threat actors are found to be distributing phishing pages and malware to unsuspecting users.
Some noted by security researchers and firms point at different domains impersonating Open AI or ChatGPT – asking users to download them for free access to the chatbot. Unsuspecting users installing them may risk losing their sensitive data on the device, which may further lead to money theft too.
Distributing Fake ChatGPT Apps
ChatGPT, the conversational AI chatbot that stirred the entire technology industry in recent months, launched a premium subscription earlier this month. This is to limit the free users hopping on it with senseless questions and dedicate the tech to those who really need it.
While it’s a logical move to push the server costs onto users, this subscription space has also opened operational space for the hackers, who’re distributing malware and phishing pages for unsuspecting users online.
Posing as free ChatGPT apps (even though the service is only available on the web), hackers are disturbing fake apps and websites via Play Store and on the web. Some were noted by a security researcher Dominic Alvieri, who explained with an example of the domain “chat-gpt-pc[.]online” – which is being promoted on the web and via a Facebook page.
Chat GPT PC Online Redline redirect.
I redirected it to closed.
/chat-gpt-pc.online@OpenAI #cybersecurity #infosec pic.twitter.com/lXY5zUyMBj
— Dominic Alvieri (@AlvieriD) February 12, 2023
Redirecting users to this website, the hacker is spreading Redline info-stealing malware under the guise of offering the ChatGPT Desktop app for Windows. The researcher further spotted a bunch of fake ChatGPT apps promoted on Google Play and in third-party Android app stores.
Google first page Chat GPT Google Play Store fake apps.
Google search item apps 3 & 4 removed from the Google Play Store including fake Chat GPT Smart AI Chatbot…@Google @OpenAI @Microsoft pic.twitter.com/Ul3wbNpAPD
— Dominic Alvieri (@AlvieriD) February 13, 2023
Adding to this, Cyble researchers noted several domains with similar malicious intent, spreading Aurora stealer and Lumma stealer. Some of the example domains they listed include “chatgpt-go[.]online”, “chat-gpt-pc[.]online”, “openai-pc-pro[.]online,” etc.
Also, there are over 50 malicious apps using the ChatGPT’s icon and its name to spread spyware aimed at stealing the user’s sensitive data on the device. To note, there are no Android, iOS, or desktop apps for this service. ChatGPT is only available on the web for $20 a month via the “chat.openai.com” website.
