ChatGPT, the AI chatbot platform that has gained immense popularity since its launch on November 30, 2022, has become a breeding ground for cybercriminals. Scammers are taking advantage of gullible users to launch malware attacks using fake ChatGPT AI chatbots. Researchers at Palo Alto Networks’ Unit 42 have identified a new wave of malware variants that target users interested in using the ChatGPT tool.
The researchers identified two distinct types of active malware: the first is a Meterpreter Trojan disguised as a SuperGPT app. This GPT-4-powered AI assistant is capable of performing tasks like writing emails, answering questions, and translating languages. It also comes equipped with speech recognition, making it a dangerous tool for scammers to use against unsuspecting individuals.
The second malware variant poses as a ChatGPT app, but instead of functioning as a chatbot, it sends messages to premium-rate numbers located in Thailand. If this malicious version of the application is successfully exploited, hackers can remotely access the victim’s Android device. All of these APK malware samples possess the OpenAI logo, which is commonly associated with ChatGPT, as their application icon. This further confuses users and makes it easier for scammers to deceive them.
Malware themed around ChatGPT presents a grave threat to the security and privacy of mobile devices. Such malware variants have the potential to steal sensitive information, spy on user activities without authorization, and cause substantial financial harm. Researchers have warned users to be cautious when using any chatbot or AI app that resembles ChatGPT and to be wary of downloading any suspicious unfamiliar apps to their devices.
It is important to remain vigilant when downloading apps and to only use reputable sources like Google Play or the App Store. Always take time to read the reviews of an app and to scrutinize its permissions before downloading it. For added safety, users can install antivirus software on their devices and keep it updated with the latest definitions. By taking these precautions, users can ensure their mobile devices remain safe and secure.
