Fake ChatGPT apps are being used to push malware

Concept art of ChatGPT AI chatbot
(Image credit: NMStudio789 / Shutterstock)

It was only a matter of time before hackers started leveraging the immense popularity of ChatGPT to push malware and steal sensitive personal data - and several security companies have now spotted this happening.

For the uninitiated, OpenAI's ChatGPT is an AI-powered chatbot whose popularity has skyrocketed in recent months. 

The novelty of its output, plus Microsoft's eagerness to invest in the technology, made it the most sought-after technology online, hitting more than 100 million users in just two months (November 2022 to January 2023), according to BleepingComputer.

Infostealers galore

The demand, inevitably, led to the service's monetization. Those who want uninterrupted access to the platform can get it for $20 a month. 

Per BleepingComputer, cybersecurity pros have found different hacker campaigns promising free access. These are, obviously, cases of "if it sounds too good to be true, it probably is," and you should be wary of them.

In one such example, threat actors were pushing Redline, a known infostealer capable of grabbing passwords and credit card data stored in web browsers, taking screenshots, exfiltrating files, and more. 

To deliver the malware, they created a fake website promoting uninterrupted access to ChatGPT, and even created a Facebook page to promote the website. Other hackers tried to distribute the Aurora stealer.

There are also fake ChatGPT apps being distributed via Google Play and other third-party Android app stores. It goes without saying that users wouldn’t be getting access to the chatbot, only unknown forms of malware. So far, there are dozens of such apps: researchers from Cyble found more than 50.

For the avoidance of doubt, the only way to access ChatGPT is via the official website - https://chat.openai.com/ - and OpenAI’s APIs. All other "alternatives" aren't credible, and could impact your smartphone's security and your privacy.

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.