Malware is on the rise for people who are interested in ChatGPT
You DO NOT need to install a program or software to test or use ChatGPT. Just go to the real website.
“ChatGPT malware” refers to malicious content distributed under the guise of ChatGPT (Chat Generative Pre-trained Transformer) – a chatbot developed by OpenAI. Since its inception in the autumn of 2022, ChatGPT has reached extreme popularity. At the time of writing, its user base has grown over 100 million. It is particularly prevalent that any enormously popular product/service is swiftly taken advantage of by cyber criminals and scammers alike.
Although ChatGPT is only available online (chat.openai.com), numerous fake desktop clients and mobile apps imitating this chatbot have been discovered. A variety of harmful and malicious software has been proliferated using “ChatGPT” as a disguise.
Additionally, OpenAI has released ChatGPT Plus – a paid premium service. This has opened the avenue for cyber criminals to offer “cracked” versions and create fake payment websites that target victims’ financial information.
At the time of writing, ChatGPT is exclusively an online tool – hence, there are no desktop or mobile applications available. However, over 50 “ChatGPT” apps have been discovered in the wild. Promoted on fraudulent ChatGPT/OpenAI Facebook pages, malicious websites, Google Play, and third-party Android stores – the applications include a variety of dubious and virulent content (e.g., adware, PUAs, trojans, etc.).
To summarize, the presence of an illegitimate ChatGPT app on a device could result in encounters with questionable/malicious ads or redirects, browsing activity tracking, data loss, severe privacy issues, significant financial losses, and identity theft.
Furthermore, since the creation of ChatGPT Plus – a premium service based on a monthly subscription, cyber criminals have started promoting fake payment sites for this service. The sites (regardless of whether used to proliferate malware or collect sensitive data) can perfectly mimic the graphics used by ChatGPT’s official website (chat.openai.com) and use typosquatting techniques to get the URLs as close to the original as possible.
The discovered phishing sites target users’ credit card information (e.g., names, card numbers, expiration dates, CVVs, etc.), which can then be used by the scammers to make unauthorized online purchases or perform other credit card related fraud.
Due to the prevalence of fake ChatGPT content, we strongly recommend caution. Therefore, pay attention to URLs and enter them with care; do not trust offers that sound too good to be true, and do not download/install software promoted by suspicious sources.