The popularity of OpenAI's viral artificial intelligence (AI) chatbot ChatGPT, which went viral in November 2022, is being misused by threat actors to distribute malware for Windows and Android and even lead victims to phishing pages, security researchers gave discovered. According to threat intelligence provider Cyble, there have been several instances where threat actors (TAs) have taken advantage of ChatGPT’s popularity to distribute malware as well as carry out other cyberattacks.
Fraudulent OpenAI social media page used to spread malware
Cyble Research and Intelligence Labs (CRIL) has identified several phishing websites that are being promoted through a fraudulent OpenAI social media page, in an attempt to spread various types of malware. Furthermore, several phishing sites are impersonating ChatGPT to steal credit card information.
As per CRIL, its thorough investigation of various typosquatted domains related to OpenAI and ChatGPT revealed that they were being utilised for phishing attacks.
"During our investigation, we identified that these phishing sites were also distributing several notorious malware families, including Lumma Stealer, Aurora Stealer, clipper malware, etc," CRIL said in a statement.
Exploiting ChatGPT’s widespread usage, various families of Android malware are using ChatGPT's name and icon to mislead users into believing they are authentic applications, thus, leading to the theft of sensitive information from Android devices.
For example, an unofficial ChatGPT social media page with a substantial following and likes has been found operating. The page features multiple posts about ChatGPT and other OpenAI tools. The page seems to be trying to build credibility by including a mix of content, such as videos and other unrelated posts. However, a closer look reveals that some posts on the page contain links that lead users to phishing pages that impersonate ChatGPT. These phishing pages trick users into downloading malicious files onto their machines.
Open AI's ChatGPT gained immense popularity late last year and became one of the most rapidly growing consumer applications in modern history with over 100 million users by January 2023.