Beware fake ChatGPT sites infecting users with malware

The rise of artificial intelligence (AI) content generation has alarmed a number of experts, from fears that AI tools may replace real creators, to the fact that such tools can be used to create malware. But the latest wrinkle in the tapestry of AI content is fake ChatGPT sites that install real malware.

Researchers at Cyble Research and Intelligence Labs have found a number of threat actors taking advantage of ChatGPT’s growing popularity and using different tactics to fool users.

One method the researchers found revolved around an unofficial social media page that talks up the power of AI and the usefulness of ChatGPT in particular. Posts are frequent, and the page has a lot of followers, making it seem legit — but the links posted lead to domains that are almost correct, but are most likely typo-squatted sites.

The fake sites look the real deal, design-wise, and allows users to download a version of ChatGPT for Windows — however, the site downloads a compressed file that includes info-stealer malware.

============

There’s a range of fake sites that are spreading a range of malware, from Aurora Stealer to Lumma Stealer and more. But other sites are also phishing pages, tricking victims into paying for the privilege of getting infected by malware, and stealing credit card details to boot.

But PC users are not alone. Threat actors are also using the legitimate ChatGPT icon to mask malicious Android apps. These apps range from SMS fraud applications that secretly sign victims up to premium network services, to apps that are, in fact, spyware or that simply display ads to users to make money for their distributors.

“Threat actors often impersonate genuine and famous entities to look legitimate and carry out malicious activities,” Cyble’s researchers conclude. “As ChatGPT’s popularity continues to rise, it has become a target for threat actors launching malware and phishing attacks to target their victims. Our research has shown that these TAs are imitating ChatGPT to distribute malware on both Windows and Android platforms and launch phishing attacks.”

“Users who fall victim to these malicious campaigns could suffer financial losses or even compromise their personal information, causing significant harm.”

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.