- Android malware impersonates ChatGPT, leading to unwanted charges and remote access.
- Deceptive APKs using the OpenAI logo send premium-rate SMS.
- Users must verify app authenticity to avoid AI chatbot malware.
A recent report has highlighted a concerning increase in malware designed for Android devices. These malicious programs attempt to deceive smartphone users by impersonating the popular AI chatbot application called ChatGPT. The researchers at Palo Alto Networks Unit 42 have discovered two types of active malware that emerged after OpenAI released GPT-3.5 and GPT-4. These malware variants target individuals who are interested in using the ChatGPT tool.
One type of malware disguises itself as a “SuperGPT” app but is, in fact, a Meterpreter Trojan. The other malicious app, named “ChatGPT,” sends messages to premium-rate numbers in Thailand, potentially leading to unwanted charges for users.
Furthermore, the researchers have come across a Trojanized version of a legitimate application, which initially appears to be an AI assistant built on the latest version of ChatGPT. However, if successfully exploited, this modified application allows the attacker to gain remote access to the Android device.
A novel attack vector for threat actors accompanies the rise of #ChatGPT’s notoriety — the use of #malware posing as ChatGPT-adjacent apps. We present two findings of this type of attack: a Meterpreter Trojan and a messaging app. https://t.co/4XHYtUwmpE pic.twitter.com/yW07ioZp69— Unit 42 (@Unit42_Intel) June 15, 2023
Additionally, the researchers have identified another cluster of malware samples in the form of Android Package Kits (APKs). These APKs display a webpage resembling a description of ChatGPT on the surface. However, beneath this seemingly innocent façade lies a sinister intent, as described in the report.
What adds to the deceptive nature of these malware samples is their use of the OpenAI logo, which is commonly associated with ChatGPT. These malicious APKs adopt the OpenAI logo as their application icon, further reinforcing the false notion that they are legitimate versions of the ChatGPT AI tool.
These APK malware samples possess the capability to send SMS messages to premium-rate numbers in Thailand. It’s worth noting that premium-rate numbers typically incur higher charges compared to regular phone numbers and are often used in exchange for specific services or information.
The researcher’s findings are a cause for concern as cybercriminals continue to develop and distribute malware, exploiting users’ interest in AI chatbot applications like ChatGPT. It is crucial for smartphone users to exercise caution and verify the authenticity of applications before downloading them, especially when they are related to popular platforms or services.