According to reports from Cyble Research and Intelligence Labs (CRIL), cybercriminals are exploiting the widespread use of OpenAI’s ChatGPT chatbot to distribute malicious software that targets both Windows and Android operating systems. Furthermore, these bad actors are using the chatbot as a lure to entice unsuspecting individuals to visit phishing websites.
ChatGPT was launched in November 2022 and quickly gained popularity, becoming the fastest-growing consumer application in history. By January 2023, it had already reached an astonishing 100 million users.
The tremendous popularity and rapid expansion of ChatGPT have strained OpenAI’s resources, leading the organization to impose usage limits to ensure stable performance. Consequently, OpenAI has introduced a premium subscription service called ChatGPT Plus, which provides unrestricted access to the chatbot for a monthly fee of $20.
Luring Users
OpenAI’s decision to launch a paid subscription service for ChatGPT has inadvertently created an opportunity for cybercriminals to exploit the chatbot’s immense popularity. These bad actors have attempted to deceive users by offering free access to the premium ChatGPT service, which goes against OpenAI’s new usage restrictions.
It is crucial to note that any offers claiming to provide unrestricted access to the premium ChatGPT service without a legitimate subscription are fraudulent and should be approached with caution. These deceptive tactics are often employed to install malware or steal sensitive account information from unsuspecting users.
Recently, Cyble Research and Intelligence Labs (CRIL) identified an unofficial ChatGPT social media page that has garnered significant followers and likes. While the page features various posts related to ChatGPT and OpenAI tools, it is important to note that it is not an official source of information or updates from OpenAI.
To build credibility, the page is mixing different types of content, including videos and other unrelated posts. However, certain posts on the unofficial page contain links that lead unsuspecting users to phishing pages impersonating ChatGPT. These pages are designed to trick users into downloading malicious files and divulging sensitive information. The linked website is a fake domain that appears similar to ChatGPT’s official site but is actually a typosquatting site.
Typosquatting is a tactic used by cybercriminals to deceive users into visiting fake websites that closely resemble legitimate ones, often by using slight variations in the domain name or web address. As a result, users may believe they are accessing the official ChatGPT website and be convinced to try out the PC version of ChatGPT.
Furthermore, the unofficial page also contains a post about Jukebox, an AI-based music and audio creation tool created by OpenAI.
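A defender-side check for the typosquatting described above, added here as an example and not taken from CRIL's report: it flags hostnames that embed or nearly spell a brand name but are not on an allowlist. The allowlist (openai.com, chatgpt.com), the function names and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: registrable domains treated as official for this example.
OFFICIAL = {"openai.com", "chatgpt.com"}
BRANDS = ("chatgpt", "openai")
# Digit-for-letter swaps folded away before comparing labels.
FOLD = str.maketrans("0135", "oles")

def host_of(url):
    """Refang a defanged indicator (hxxps://, [.]) and return its hostname."""
    url = url.replace("hxxp", "http", 1).replace("[.]", ".")
    return (urlsplit(url).hostname or "").lower()

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    host = host_of(url)
    if not host:
        return "invalid"
    labels = host.split(".")
    # Naive registrable domain (last two labels); use the Public Suffix List in production.
    if ".".join(labels[-2:]) in OFFICIAL:
        return "official"
    for label in labels[:-1]:
        folded = re.sub(r"[^a-z]", "", label.translate(FOLD))
        for brand in BRANDS:
            if brand in folded:
                return "lookalike"  # brand name embedded in an unofficial host
            if abs(len(folded) - len(brand)) <= 1 and edit_distance(folded, brand) <= 2:
                return "lookalike"  # near-miss spelling of the brand
    return "unrelated"

# Constructed sample URLs (.example is a reserved TLD), not indicators from the report.
SAMPLES = ["https://chat.openai.com/", "hxxps://chat-gpt-pc[.]example/download",
           "https://0penai.example/", "https://chatgtp.example/",
           "https://openai.com.login.example/", "https://weather.example/"]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{classify(u):10} {u}")
```

The shortened download link quoted later on this page has the host rebrand.ly and classifies as unrelated, so shortener links have to be resolved to their destination before a host check like this says anything.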
Fake ChatGPT Apps for Windows & Android
The fraudulent website displays a deceptive “DOWNLOAD FOR WINDOWS” button, which, when clicked, triggers the download of malicious files that can put users’ devices at risk.
Clicking the button starts an automatic download of a compressed file called “ChatGPT-OpenAI-Pro-Full-134676745403.gz” from the following URL:-
- hxxps://rebrand.ly/qaltfnuOpenAI
The compressed file in question contains a hazardous program referred to as “ChatGPT-OpenAI-Pro-Full-134676745403.exe”. This program is categorized as a “stealer malware” due to its ability to covertly gather sensitive data from a system.
After conducting an extensive investigation, CRIL has uncovered more than 50 counterfeit and malevolent applications that exploit the ChatGPT logo to execute malicious activities. These apps have been designed to deceive users into thinking they are legitimate, but they are, in fact, harmful to the user’s device.
Some of these apps are classified as potentially unwanted programs, a type of malware, and they belong to different malware families:-
- Adware
- Spyware
- Billing fraud
Cyble highlighted two examples that are worth mentioning:-
- chatGPT1: SMS Fraud Android malware impersonating ChatGPT
- AI Photo: Spynote Malware Masquerading as ChatGPT
At present, ChatGPT is a web-based platform that is solely accessible via the official website. As of now, there are no ChatGPT mobile or desktop applications available for any operating system.
Recommendations
The experts offer the following recommendations:-
- Make sure you do not download files from unknown websites.
- Ensure that your connected devices are protected by anti-virus and cyber security software packages.
- You should not open emails or links that are untrusted without verifying their authenticity first.
- Make sure employees are aware of the dangers of phishing and untrusted URLs so they can protect themselves against these threats.
- To block data exfiltration by malware or Trojans, monitor beacon traffic at the network level.
- Ensure that the employees’ systems are equipped with DLP Solutions.
- Ensure that only official app stores are used to download and install the software.
- Passwords should be strong and a multi-factor authentication system should be implemented.
- Make sure that biometric security features are enabled.
- Enable Google Play Protect so that it can protect Android devices.
- Keep your operating system, your devices, and your applications up-to-date.
Author: Balaji N