Hackers are taking advantage of ChatGPT's popularity to distribute malware via Windows and Android apps, leading the unaware to pages that bait them for their information.
Since its November 2022 launch, ChatGPT's fame skyrocketed, culminating in a whopping 100 million users by January 2023. As a result of its explosive growth, OpenAI throttled the platform for free users and introduced ChatGPT Plus, a $20-a-month subscription for those who want to use the AI chatbot without limitations.
Consequently, threat actors have been offering complimentary, uninterrupted, throttle-free access to ChatGPT, and of course, this is all a ruse.
How fake ChatGPT apps affect your PC
What's the goal of these fake ChatGPT apps? Cybercriminals want to seduce users into relinquishing their account credentials.
How do these phishing attacks play out? Take cybersecurity researcher Dominic Alvieri's recent discovery, for example. He found "chat-gpt-pc.online," a fake domain that masqueraded as a legitimate source for ChatGPT downloads. Users who took the bait ended up being infected with RedLine, an information-stealing malware that can snatch data from web browsers, cryptocurrency wallets, and apps such as Steam, Discord and Telegram.
Google third-party .org and .me app stores pushing unofficial Chat GPTs. pic.twitter.com/6nPbd3bDsa (February 13, 2023)
After further research, Alvieri also located other fake ChatGPT apps in the Google Play Store that were promoting the devious malware to unsuspecting users. Security research firm Cyble reported that hackers' use of ChatGPT's popularity is a growing and significant concern.
Cyble discovered malicious domains such as chatgpt-go[.]online, chat-gpt-pc[.]online, and openai-pc-pro[.]online. The scariest discovery Cyble made was that of a credit card stealing page, "pay.chatgptftw.com," which offered victims a payment portal to buy access to an inauthentic ChatGPT Plus service.
Cyble said it found over 50 malicious apps that use ChatGPT's logo, icons, and similar naming conventions to bait users. Two of the most nefarious abusers that Cyble shared are ChatGPT1, a fraudulent SMS billing application, and AI Photo, which contains Spynote malware that can steal personal data from your phone, including call logs, contact lists, files, and SMS messages.
To be clear, the only proper place online to play with the popular ChatGPT is "chat.openai.com." There are no official ChatGPT mobile or desktop apps available at this time. If you run into any applications that claim to be associated with ChatGPT, watch out! They're probably fakes.
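For defenders, the rule above (only chat.openai.com is genuine) can be turned into a quick triage of DNS or proxy logs for hosts that borrow the brand name. The script below is an added example, not code from the article or from Cyble; the "timestamp client host" log format, the function names and the sample log are assumptions made for illustration.

```python
import re

# Assumption from the article: chat.openai.com is the only legitimate ChatGPT host.
OFFICIAL_DOMAIN = "openai.com"
BRAND_TOKENS = ("chatgpt", "openai")

def normalize(raw):
    """Refang and reduce a logged hostname or URL to a bare lowercase host."""
    host = raw.strip().lower().replace("[.]", ".").replace("hxxp", "http")
    host = re.sub(r"^[a-z]+://", "", host)            # drop scheme
    host = re.split(r"[/:?#]", host, maxsplit=1)[0]   # drop port, path, query
    return host.rstrip(".")

def classify(raw):
    """Return 'official', 'suspect' (brand name on a foreign domain) or 'unrelated'."""
    host = normalize(raw)
    # Exact match or a true subdomain; 'notopenai.com' must not pass.
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official"
    # Lookalikes pad the brand with hyphens, dots and digits, so compare letters only.
    letters = re.sub(r"[^a-z]", "", host)
    if any(token in letters for token in BRAND_TOKENS):
        return "suspect"
    return "unrelated"

def triage(log_lines):
    """Return (client, host) for every suspect lookup in 'timestamp client host' lines."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, client, host = parts
        if classify(host) == "suspect":
            hits.append((client, normalize(host)))
    return hits

# Constructed sample DNS log; the lookalike hosts are the ones named in the article.
SAMPLE_LOG = [
    "2023-02-13T10:00:01Z 10.0.0.5 chat.openai.com",
    "2023-02-13T10:00:07Z 10.0.0.9 chat-gpt-pc.online",
    "2023-02-13T10:01:12Z 10.0.0.9 pay.chatgptftw.com",
    "2023-02-13T10:02:30Z 10.0.0.7 openai-pc-pro.online",
    "2023-02-13T10:03:44Z 10.0.0.5 example.org",
]

if __name__ == "__main__":
    for client, host in triage(SAMPLE_LOG):
        print(f"{client} looked up {host}")
```

A keyword match like this only surfaces candidates for review; it will also flag harmless third-party sites that mention the brand in their hostname.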