Would-be ChatGPT users are being targeted for malware and identity theft scams

ChatGPT has blown up in just a few months’ time, becoming the fastest growing app of all time.

So, of course, hackers are already weaponizing the popularity of OpenAI’s artificial intelligence chatbot in order to scam internet users.

Cybersecurity researchers have already uncovered hundreds of recently registered(Opens in a new tab) domains utilizing the term “ChatGPT.” While not all of these domains will be weaponized for nefarious purposes, some of them already are being used in that way.

Tweet may have been deleted
(opens in a new tab)
(Opens in a new tab)

Cybersecurity researcher Dominic Alvieri has shared his findings on social media regarding the fake ChatGPT websites that he’s come across, which try to spread malware and steal victims’ private information. 

According to Alvieri, and as first reported by Bleeping Computer(Opens in a new tab), one such website “chat-gpt-pc.online” attempted(Opens in a new tab) to convince visitors to its page that ChatGPT was offered as a downloadable local application for Windows. Alvieri found that this download would inject users with the RedLine information-stealing malware. Essentially, this malware steals stored information in users’ applications, such as their web browser. For example, if a user has Google Chrome store their passwords or credit card information, this malware can pull the data and send it to the hacker.

Tweet may have been deleted
(opens in a new tab)
(Opens in a new tab)

In addition to the targeting of Windows users, Alvieri also found(Opens in a new tab) fake ChatGPT apps in the Google Play Store. Upon download, these apps would deploy similar phishing campaigns to steal users’ information.

Tweet may have been deleted
(opens in a new tab)
(Opens in a new tab)

A new report(Opens in a new tab) from cybersecurity firm Cyble found just how widespread this was becoming, discovering more than 50 fake ChatGPT apps. And the Cyble report found some interesting ways hackers were attempting to steal from their victims too. One download installed a program called “chatGPT1.” It provides no AI utility but does secretly subscribe its target to numerous paid services in what’s known as SMS billing fraud.

Those looking to actually use ChatGPT without getting scammed should go directly to the OpenAI website at the url https://chat.openai.com(Opens in a new tab), or its recently acquired domain, AI.com(Opens in a new tab).

As ChatGPT continues to grow its user base and especially so after unveiling a paid element via its $20 per month subscription plan, users should be alert for bad faith actors looking to steal their information and cash in on the AI trend.