Innocuous Names, Hidden Dangers: A Guide to Authentic ChatBots!

Innocuous Names, Hidden Dangers: A Guide to Authentic ChatBots

Many people use ChatGPT for various legitimate uses, including answering questions, generating content, explaining complex concepts, and writing code. However, the limitations of the free version of the chatbot, like delayed responses, can be frustrating.

MUO VIDEO OF THE DAY

SCROLL TO CONTINUE WITH CONTENT

Malicious actors often exploit these limitations by encouraging users to download a supposedly premium version of ChatGPT for free. The fake chatbot may contain malware that can be used for cyberattacks, like data theft.

Here’s a list of malicious ChatGPT-themed domains and apps that you need to be aware of.

1. chat-gpt-pc.online

Security researchers at Cyble Research and Intelligence Labs (CRIL) uncovered cybercriminals using the domain “chat-gpt-pc.online” to attract unsuspecting users into downloading a supposed ChatGPT Windows desktop client. This client, however, contained the RedLine info-stealing malware .

The cybercriminals used a Facebook page impersonating OpenAI, complete with official ChatGPT logos, to redirect unsuspecting users to the malicious site.

2. openai-pc-pro.online

The experts at CRIL also discovered an unidentified malware strain being distributed through the domain “openai-pc-pro.online,” a malicious domain posing as the official ChatGPT website.

The domain is promoted by “Chat GPT AI,” a popular ChatGPT-themed Facebook page, a page that frequently posts about ChatGPT and OpenAI’s Jukebox . The posts often contain links to malicious domains, including openai-pc-pro.online.

The suspicious domain directs users to a fake OpenAI website resembling the official one. The site features a “DOWNLOAD FOR WINDOWS” button, which, when clicked, downloads an executable file containing data-stealing malware.

3. chat-gpt-pc.online

ChatGPT AI, the fake ChatGPT Facebook page, also features posts that include links to “chat-gpt-pc.online,” another domain that redirects users to a malicious ChatGPT-themed website.

4. chatgpt-go.online

The domain “chatgpt-go.online” leads users to a website that’s a clone of the official ChatGPT website. The copy-pasted site, however, swaps the “TRY CHATGPT” button link with malicious links containing Lumma Stealer. The domain also hosts different kinds of malicious files, including clipper malware and Aurora stealer.

5. pay.chatgptftw.com

Cybercriminals also use ChatGPT-themed payment pages for financial fraud. For example, on the domain “pay.chatgptftw.com,” Cyble came across a page designed to steal credit card details. This webpage poses as a genuine payment page for ChatGPT Plus.

6. ChatGPT1

The Cyble report highlights another malware app that uses the ChatGPT icon. The malicious app, “ChatGPT1,” is an SMS billing fraud app downloaded as chatGPT1.apk. It operates discreetly, subscribing users to premium services without their consent.

7. AI Photo

“AI Photo” is another app that uses the ChatGPT icon, but is malicious in intent. This app was found to harbor the SpyNote malware, capable of stealing device files, contact lists, call logs, and text messages.

8. Meterpreter Posing as “SuperGPT” App

SuperGPT is an AI assistant app built on ChatGPT. However, researchers from Unit 42 uncovered a malicious APK sample posing as the app. This fake “SuperGPT” is a Meterpreter Trojan, a RAT that enables remote access of Android devices.

9. Trojan-PSW.Win64.Fobo

Kaspersky researchers discovered that cybercriminals were using a fake ChatGPT desktop client for Windows to distribute a stealer Trojan. The Trojan, dubbed Trojan-PSW.Win64.Fobo, if installed on the user’s computer, can steal account details stored in various browsers, including Chrome, Edge, Firefox, and Brave.

The Trojan targets Facebook, TikTok, and Google accounts, stealing logins and financial info, like ad spending and current balance. To achieve this, the perpetrators create social media groups resembling official OpenAI accounts or enthusiast communities, where they post download links for a purported ChatGPT desktop client.

If you click the link, you’ll be redirected to a website that prompts you to download ChatGPT for Windows. Clicking on the button will download an archive containing an executable file.

Upon extracting the archive and running the file, you may or may not receive an installation failure message. In either case, the Trojan is installed.

VSDC Pro Video Editor is a light professional non-linear video editing suite for creating a movie of any complexity. It supports the most popular video/audio formats and codecs, including 4K, HD and GoPro videos. Preconfigured profiles make the creation of videos for various multimedia and mobile devices absolutely hassle-free.

Key features:

• Import from any devices and cams, including GoPro and drones. All formats supported. Сurrently the only free video editor that allows users to export in a new H265/HEVC codec, something essential for those working with 4K and HD.
• Everything for hassle-free basic editing: cut, crop and merge files, add titles and favorite music
• Visual effects, advanced color correction and trendy Instagram-like filters
• All multimedia processing done from one app: video editing capabilities reinforced by a video converter, a screen capture, a video capture, a disc burner and a YouTube uploader
• Non-linear editing: edit several files with simultaneously
• Easy export to social networks: special profiles for YouTube, Facebook, Vimeo, Twitter and Instagram
• High quality export – no conversion quality loss, double export speed even of HD files due to hardware acceleration
• Stabilization tool will turn shaky or jittery footage into a more stable video automatically.
• Essential toolset for professional video editing: blending modes, Mask tool, advanced multiple-color Chroma Key

Protect Yourself From Malicious ChatGPT-Themed Apps

Malicious actors are using ChatGPT-themed mobile apps and desktop clients to spread malware on computing devices. These apps often pose as free versions of premium ChatGPT and are commonly promoted through social media and email campaigns.

Some malicious apps and domains include chatGPT1, AI photo, openai-pc-pro.online, and pay.chatgptftw.com. To protect against potential malware infections from such sources, be cautious when downloading third-party apps, keep your device updated, and consider using reputable antimalware software.