Cybercriminals spread fake ChatGPT apps to spread malware

 tasks like creating content and writing code. The superiority of this chatbot makes it extremely popular, with a user base of more than 100 million as of the end of January 2023.

The rapid popularity of ChatGPT worldwide has attracted the attention of not only the public, but also the cybercriminals. Many international security organizations have recently simultaneously issued a warning about the trend of hackers abusing the popularity of OpenAl to steal users' sensitive data through phishing links, or distribute software. malicious applications for Android and Windows with applications and services that fake ChatGPT.

One of the effective ways that threat actors are taking advantage of ChatGPT is to launch phishing tools that promise to provide uninterrupted access to chatbots. Such is the case of an unofficial ChatGPT Facebook page (screenshot below) with a significant number of followers and likes as well as a healthy number of posts. However, some posts also contain fake ChatGPT links that, if clicked, open a phishing page with a Download for Windows button.' Just by clicking this link, the malware steals information. The message is immediately deployed on the victim's PC.

Security researchers also discovered a phishing site that offers users access to ChatGPT Plus, the premium version of ChatGPT. Any detailed personal information that users provide on this site will be sent to hackers. These guys will then use the obtained data to perform a variety of different scams.

Android users should also pay special attention to this scam trend. According to preliminary statistics of the Cyble security organization, there are currently more than 50 ChatGPT phishing applications targeting Google's operating system. These apps do not contain many different families of malware, such as adware, spyware, payment fraud, and several other types of malicious code.

For example, an application called "ChatGPT" with the exact same logo of the real tool, but without the AI ​​function. Instead, it automatically registers victims with premium services without their consent. Another similar app can even steal sensitive data like call logs, contacts, text messages, and media files.

Remember that ChatGPT doesn't have any apps for Windows or Android (or any other platform). You can only access this application by accessing chat.openai.com through a web browser. Any program or application named ChatGPT is fake, at least for the time being.

Protect your device from malware by keeping your security programs up to date. Also avoid downloading programs from suspicious websites. Finally, do not open links or files from unwanted emails as they may contain malicious code.

Kareem Winters

Update 23 February 2023