Threat actors were quick on their feet to leverage the popularity of an AI chatbot called “ChatGPT” to spread malware against Windows and Android targets. These attackers redirect victims to a fake website that guarantees free and uninterrupted access to ChatGPT’s premium version.
However, the fake website will only trick the victims into installing malware on their computers or providing sensitive information that the attackers could collect and steal.
As the beginning of 2023 came, ChatGPT gained over 100 million users worldwide, making it the fastest consumer tech application in modern history to grow. OpenAI, ChatGPT’s developer, began a paid subscription for the AI chat app upon its immense popularity so users would have the option to use it without limits.
Redline and Lumma infostealer are two of the malware strains spread through fake ChatGPT phishing campaigns.
According to a researcher, they have spotted the Redline infostealing malware disguising itself as a ChatGPT Windows desktop client where people can download through a malicious domain chat-gpt-pc[.]online.
Another infostealing malware, Lumma Stealer, was also seen being pushed by this domain.
Furthermore, this identified malicious website was advertised by an attacker-made Facebook page that uses ChatGPT’s official logos and marketing images. Fake versions of the AI chat app are also promoted on Google Play and other third-party Android app stores, indicating that its operators can bypass the security regulations of official Android app stores.
Some other malicious domains were also seen dropping malware, stealing clipboard contents, and stealing credit card credentials on unaware victims are chatgpt-go[.]online, openai-pc-pro[.]online, and pay.chatgptftw[.]com.
Further analysis of malicious campaigns leveraging the AI chat app’s popularity revealed about 50 more fake applications aiming to spread malware.
Security experts want to remind public users that OpenAI’s online AI chat app, ChatGPT, is only accessible through its official website, chat.openai[.]com. The company does not yet offer mobile or desktop applications for the tool. Thus, people must be cautious about downloading these fake and malware-infected apps to their devices.
