Hackers use ChatGPT to infect people with malware

Deceptive campaign unleashed targeting ChatGPT users

The rise of ChatGPT is followed by the rise of phishing campaigns

Hackers have launched a sophisticated campaign that takes advantage of the popularity of OpenAI's ChatGPT language model to trick victims into downloading malicious software. Threat actors, according to researchers at cybersecurity firm Cyble,[1] have created a network of typosquatted[2] domains masquerading as ChatGPT portals and websites, as well as dozens of fake and malicious applications from various malware families, such as adware, spyware, billing fraud, and potentially unwanted programs.

The hackers used the same logos as OpenAI and ChatGPT, making it easier to dupe victims. They've also created a fake social media page with over 3,500 followers and several posts. In order to appear credible, the page includes content such as videos and other OpenAI creations, such as Jukebox.[3]

The ultimate goal of these posts, however, is to get users to click links that lead to phishing pages and to trick them into downloading malicious files onto their devices. This is yet another thing that may make people more scared of technological advances and the use of artificial intelligence. People think that AI can take over the world and make a huge difference in our lives, from taking jobs to taking over the world in other ways.

The risk of falling victim to phishing

Cyble warned that many people could be tricked by this campaign because the phishing[4] sites mimic many elements of the legitimate OpenAI website, making them appear to be credible portals. The domain “openai-pc-pro[.]online,” for example, is designed with OpenAI's green and purple colors, complete with a direct “DOWNLOAD FOR WINDOWS” button and product descriptions. However, clicking on it will result in the download of a compressed file holding an executable that contains malware.

Chatgpt-go[.]online and chat-gpt-online-pc[.]com are two other domains mentioned in the report. These phishing sites also spread malware families like Lumma Stealer, Aurora Stealer, clipper malware, and others. Cyble also identified a page named pay[.]chatgptftw[.]com, which is designed to steal credit card information from victims. It also discovered several SMS fraud applications posing as ChatGPT, which are used to commit financial fraud.
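For defenders reviewing DNS or proxy logs, the naming pattern of these domains can be checked mechanically. The sketch below is an added example, not code from Cyble's report or from this article: it flags hostnames that embed or nearly spell a brand name without sitting under an allowlisted domain. The allowlist, the one-edit threshold and the last three sample hosts are assumptions.

```python
import re

# Assumption: registrable domains treated as genuine; adjust to your own allowlist.
OFFICIAL = {"openai.com", "chatgpt.com"}
BRANDS = ("chatgpt", "openai")

def refang(indicator):
    """Convert a defanged indicator ('pay[.]chatgptftw[.]com') to a bare hostname."""
    s = indicator.strip().lower().replace("[.]", ".")
    s = re.sub(r"^[a-z]+://", "", s)  # drop any scheme, including 'hxxps'
    return re.split(r"[/:?#]", s, maxsplit=1)[0].rstrip(".")

def osa_distance(a, b):
    """Optimal string alignment distance: single edits plus adjacent swaps."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(indicator):
    """Return (verdict, reason) for one hostname or defanged indicator."""
    host = refang(indicator)
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return ("official", host)
    squashed = re.sub(r"[^a-z0-9]", "", host)  # 'chat-gpt' -> 'chatgpt'
    for brand in BRANDS:
        if brand in squashed:
            return ("lookalike", f"embeds '{brand}'")
    for token in re.split(r"[.-]", host):
        for brand in BRANDS:
            if osa_distance(token, brand) == 1:
                return ("lookalike", f"'{token}' is one edit from '{brand}'")
    return ("unrelated", host)

# First four: domains named in the article. Last four: constructed for contrast.
SAMPLES = ["openai-pc-pro[.]online", "Chatgpt-go[.]online", "chat-gpt-online-pc[.]com",
           "pay[.]chatgptftw[.]com", "chat.openai.com", "chatgtp-login.example",
           "openai.com.example.net", "example.org"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, classify(sample))
```

A "lookalike" verdict is a triage signal for review, not proof of malice; unrelated third-party sites can legitimately carry a brand name in their hostname.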

Solutions to combat malicious ChatGPT attacks

The situation worsened after it was discovered that fake ChatGPT apps were being distributed on Google Play and other third-party app stores. This development was brought to light by cybersecurity analyst and security researcher Dominic Alvieri,[5] who warned users about the fraudulent apps. The good news is that these items have been taken down from the Google Play Store. However, it is unknown how long they were active before being discovered and removed and how many people were affected.

ChatGPT has grown in popularity in recent years, particularly in natural language processing. The increasing use of the technology has also caught the attention of hackers, who see it as an opportunity to spread malware. As a result, more malicious campaigns revolving around ChatGPT may continue in the future.

Cybersecurity experts advise users to stay cautious and vigilant, especially when downloading or clicking links. They recommend using anti-malware software and keeping it up to date. Users should also verify the authenticity of websites and apps before downloading them. Additionally, it's important to avoid clicking on suspicious links or downloading files from unverified sources. With the rising popularity of ChatGPT, it's crucial to remain alert to avoid becoming a victim of cyberattacks.

About the author
Ugnius Kiguolis

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.
