Scammers trick ChatGPT into spreading malware

No new product can be considered successful online until scammers show up.

ChatGPT has exploded in just a few months, becoming the fastest growing app ever.

So, of course, hackers are already weaponizing the popularity of OpenAI’s AI bots in order to scam people.

Cybersecurity researchers have already discovered hundreds of registered(Opens in a new tab) Domains that use the term “ChatGPT”. Although not all of these domains were used as weapons for nefarious purposes, some were actually used in this way.

The tweet may have been deleted
(Opens in a new tab)
(Opens in a new tab)

Cybersecurity researcher Dominique Alfieri shared his findings on social media regarding fake ChatGPT sites he encountered that attempt to distribute malware and steal victims’ private information.

According to Alvieri, and as first reported by Bleeping Computer(Opens in a new tab)Like this site “chat-gpt-pc.online” tent(Opens in a new tab) To convince his page visitors that ChatGPT is offered as a downloadable native application for Windows. Alvieri discovered that this download would inject users with RedLine malware to steal information. Basically, this malware steals information stored in users’ applications, such as their web browser. For example, if a user asks Google Chrome to store their passwords or credit card information, this malware can extract the data and send it to the hacker.

The tweet may have been deleted
(Opens in a new tab)
(Opens in a new tab)

Besides targeting Windows users, Alvieri too Find(Opens in a new tab) Fake ChatGPT Apps in Google Play Store. When downloaded, these applications will deploy similar phishing campaigns to steal user information.

The tweet may have been deleted
(Opens in a new tab)
(Opens in a new tab)

New report(Opens in a new tab) Cybersecurity firm Cyble has seen how widespread this is, exposing more than 50 fake ChatGPT apps. Cyble’s report also found interesting ways for hackers to steal from their victims. A program called “chatGPT1” has been downloaded. It does not provide any AI utility but secretly subscribes its target to many paid services in what is called SMS billing fraud.

Those looking to use ChatGPT without getting scammed should go directly to the OpenAI website at the url https://chat.openai.com(Opens in a new tab)or its recently acquired domain, AI.com(Opens in a new tab).

As ChatGPT continues to grow its user base and especially after revealing a paid feature through its $20 per month subscription plan, users should be wary of ill-intentioned actors seeking to steal their information and take advantage of the AI ​​trend.