Fake ChatGPT apps spread Windows and Android malware

1 year ago AndyC

OpenAI’s
ChatGPT
chatbot
has
been
a
phenomenon,
taking
the
internet
by
storm.

Whether
it
is
composing
poetry,
writing
essays
for
college
students,
or
finding
bugs
in
computer
code,
it
has
impressed
millions
of
people
and
proven
itself
to
be
the
most
accessible
form
of
artificial
intelligence
ever
seen.

Yes,
there
are
plenty
of
fears
about
how
the
technology
could
be
used
and
abused,
questions
to
be
answered
about
its

ethical
use
and
how
regulators
might
police
its
use,
and
worries
that
some
may
not
realise
that
ChatGPT
is
not
as
smart
as
it
initially
appears.

But
no-one
can
deny
that
it
has
generated
a
huge
amount
of
interest
from
the
general
public.

And
what
might
Joe
Public
want
to
do
first
when
they
hear
about
ChatGPT?
Why,
give
it
a
try
of
course!

And
that’s
where
things
can
go
badly
wrong,
because
–
as
security
researcher
Dominic
Alvieri
has

warned
–
malicious
hackers
are
taking
advantage
of
people
searching
the
internet
for
ChatGPT
to
direct
them
to
malware
and
phishing
sites.

Cybercriminals
are
using
the
promise
of
free-of-charge
access
to
premium
ChatGPT
as
a
lure,
tricking
users
into
downloading
malware
or
enter
their
passwords.

Some
of
the
malicious
ChatGPT
clones
have
managed
to
make
it
as
far
as
the
official
Google
Play
Store,
as
well
as
third-party
app
stores.

Meanwhile,
researchers
at
Cyble

report
that
a
bogus
Facebook
page
has
been
created,
purporting
to
be
the
official
presence
of
OpenAI’s
ChatGPT.

Predictably,
links
posted
on
the
Facebook
page
direct
unsuspecting
users
to
a
typosquatted
domain
that
masquerade
as
the
official
site
for
ChatGPT,
and
ultimately
direct
users
into
downloading
executable
code
designed
to
steal
information.

Similar
examples
include
malicious
apps
which
commit
fraud,
plant
adware
and
spyware,
and
other
malicious
activities.

In
one
instance
described
by
Cyble’s
researchers,
they
describe
a
bogus
ChatGPT
app
for
Android
which
subscribes
users
to
premium-rate
SMS
services
without
their
knowledge.

Another,
a
variant
of
the
Spynote
malware,
steals
sensitive
information
from
users’
Android
devices,
including
call
logs,
contacts,
SMS
messages.
media
files
and
other
data.

As
ever,
take
great
care
about
where
you
visit
on
the
internet,
use
up-to-date
security
software
to
defend
your
computer
and
its
data,
follow
safe
computing
best
practices,
and
stay
alert
to
threats
and
how
best
to
protect
against
them.

Editor’s
Note:
The
opinions
expressed
in
this
guest
author
article
are
solely
those
of
the
contributor,
and
do
not
necessarily
reflect
those
of
Tripwire,
Inc.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts