Hackers use fake ChatGPT apps to push Windows, Android malware

Threat actors are exploiting the popularity of OpenAI’s ChatGPT chatbot to distribute malware for Windows and Android, or to direct unsuspecting victims to phishing pages.

ChatGPT has gained immense traction since its launch in November 2022, becoming the fastest-growing consumer application in modern history with more than 100 million users by January 2023.

This massive popularity and rapid growth forced OpenAI to throttle use of the tool and launch a $20/month paid tier (ChatGPT Plus) for individuals who want to use the chatbot with no availability restrictions.

The move created conditions for threat actors to take advantage of the tool’s popularity by promising uninterrupted and free-of-charge access to premium ChatGPT. The offers are false, and the goal is to lure users into installing malware or providing account credentials.

Security researcher Dominic Alvieri was among the first to notice one such example using the domain “chat-gpt-pc.online” to infect visitors with the Redline info-stealing malware under the guise of a download for a ChatGPT Windows desktop client.

That website was promoted by a Facebook page that used official ChatGPT logos to trick users into getting redirected to the malicious site.

Fake Facebook page (Cyble)

Alvieri also spotted fake ChatGPT apps being promoted on Google Play and third-party Android app stores to push dubious software onto people’s devices.

Fake ChatGPT apps on the Play Store (Alvieri)

Researchers at Cyble have published a relevant report today in which they present additional findings regarding the malware distribution campaign discovered by Alvieri, as well as other malicious operations exploiting ChatGPT’s popularity.

Cyble discovered “chatgpt-go.online”, which distributes malware that steals clipboard contents and the Aurora stealer.

Additionally, “chat-gpt-pc[.]online” delivered the Lumma stealer in Cyble’s tests. Another domain, “openai-pc-pro[.]online,” drops an unknown malware family.

In addition to the above, Cyble discovered a credit card stealing page at “pay.chatgptftw.com” that supposedly offers visitors a payment portal to purchase ChatGPT Plus.

Phishing site stealing credit card details (Cyble)

When it comes to fake apps, Cyble says it discovered over 50 malicious applications that use ChatGPT’s icon and a similar name, all of them fake and attempting to perform harmful activities on users’ devices.

Two examples highlighted in the report are ‘chatGPT1,’ which is an SMS billing fraud app, and ‘AI Picture,’ which contains the Spynote malware, which can steal call logs, contact lists, SMS, and files from the device.

Spynote malware stealing call data from the infected device (Cyble)

ChatGPT is exclusively an online-based tool available only at “chat.openai.com” and does not offer any mobile or desktop apps for any operating systems at the moment.

Any other apps or sites claiming to be ChatGPT are fakes attempting to scam users or infect them with malware; they should be considered at the very least suspicious, and users should avoid them.
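
Because the article names a single legitimate location, defenders can triage proxy or DNS logs for hosts that carry the brand name but sit outside it. The following is an added example, not code from Cyble or the original article; the log format, the keyword list, the `openai.com` suffix allowlist and all function names are assumptions.

```python
import re

# Assumption: everything under openai.com is treated as legitimate; the
# article names chat.openai.com as the only real ChatGPT location.
LEGIT_SUFFIXES = ("openai.com",)
BRAND_TOKENS = ("chatgpt", "openai")  # assumed brand keyword list

def refang(host):
    """Undo defanging such as example[.]com and normalise case."""
    return host.replace("[.]", ".").strip().strip(".").lower()

def is_legit(host):
    # Match on a label boundary so notopenai.com does not pass.
    return any(host == s or host.endswith("." + s) for s in LEGIT_SUFFIXES)

def classify(host):
    host = refang(host)
    if is_legit(host):
        return "legitimate"
    # Drop dots and hyphens so chat-gpt-pc still matches "chatgpt".
    squashed = re.sub(r"[^a-z0-9]", "", host)
    if any(token in squashed for token in BRAND_TOKENS):
        return "suspicious"
    return "unrelated"

def scan_proxy_log(lines):
    """Return (client, host) pairs for lookalikes in 'time client host' lines."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, client, host = parts
        if classify(host) == "suspicious":
            hits.append((client, refang(host)))
    return hits

# Constructed sample log: timestamps and client IPs are invented; the last
# two hosts are made up, the defanged ones are those named in the article.
SAMPLE_LOG = [
    "2023-02-23T09:14:02Z 10.0.0.21 chat.openai.com",
    "2023-02-23T09:15:40Z 10.0.0.34 chat-gpt-pc[.]online",
    "2023-02-23T09:16:11Z 10.0.0.34 pay.chatgptftw[.]com",
    "2023-02-23T09:17:55Z 10.0.0.8 openai.com.login.example",
    "2023-02-23T09:18:03Z 10.0.0.8 www.example.org",
]

if __name__ == "__main__":
    for client, host in scan_proxy_log(SAMPLE_LOG):
        print(f"{client} requested lookalike host {host}")
```

Keyword matching of this kind is a triage filter: it will also flag benign third-party sites that mention the brand, so hits need review before blocking.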