Sophos, a cybersecurity company, has discovered a group of ChatGPT-based apps that masquerade as legitimate chatbots. The apps offer limited features and bombard users with ads until they sign up for a subscription, which can cost several hundred dollars a year. Sophos investigated five such apps, all of which falsely claimed to be based on ChatGPT’s algorithm. The developers optimised the apps’ ranking in Google Play and the App Store by using the ChatGPT name to imply legitimacy. Fleeceware apps use social engineering and coercive tactics to entice users to subscribe. Typically, they offer a free trial, but this is only usable after paying for the subscription. The apps often inflate their ratings by persistently asking users for reviews.
OpenAI offers the basic functionality of ChatGPT for free online, making these apps fraudulent as they charge users for functionality already available for free. Sophos first identified this group of fraudulent apps in 2019, and since then, it has become a rising trend. The principal threat researcher at Sophos, Sean Gallagher, noted that fleeceware apps are designed to stay on the edge of what’s allowed by Google and Apple in terms of service, making them almost impossible to reject during reviews. Gallagher advises users to follow app store guidelines to unsubscribe, noting that merely deleting the app will not stop the subscription.
Sophos is a cybersecurity company focused on providing cutting-edge security to its clients by preventing cybercrime and malware attacks. Sophos X-Ops is the division of the company responsible for providing customers with a Cybersecurity Operations Center (SOC) service.
Sean Gallagher is the Principal Threat Researcher and Director of Sophos Labs. He is a seasoned cybersecurity expert and has over 20 years of experience working in the security industry. Gallagher’s primary responsibility at Sophos is to research and analyse the latest cyber threats and identify trends and patterns that can help consumers use the internet safely.