Scammers are spoofing ChatGPT to spread malware

ChatGPT has blown up in just a few months’ time, becoming the fastest growing app of all time.

So, of course, hackers are already weaponizing the popularity of OpenAI’s artificial intelligence chatbot in order to scam internet users.

Cybersecurity researchers have already uncovered hundreds of recently registered domains utilizing the term “ChatGPT.” While not all of these domains will be weaponized for nefarious purposes, some of them already are being used in that way.


Tweet may have been deleted
(opens in a new tab)

Cybersecurity researcher Dominic Alvieri has shared his findings on social media regarding the fake ChatGPT websites that he’s come across, which try to spread malware and steal victims’ private information. 

According to Alvieri, and as first reported by Bleeping Computer, one such website “chat-gpt-pc.online” attempted to convince visitors to its page that ChatGPT was offered as a downloadable local application for Windows. Alvieri found that this download would inject users with the RedLine information-stealing malware. Essentially, this malware steals stored information in users’ applications, such as their web browser. For example, if a user has Google Chrome store their passwords or credit card information, this malware can pull the data and send it to the hacker.


Tweet may have been deleted
(opens in a new tab)

In addition to the targeting of Windows users, Alvieri also found fake ChatGPT apps in the Google Play Store. Upon download, these apps would deploy similar phishing campaigns to steal users’ information.


Tweet may have been deleted
(opens in a new tab)

A new report from cybersecurity firm Cyble found just how widespread this was becoming, discovering more than 50 fake ChatGPT apps. And the Cyble report found some interesting ways hackers were attempting to steal from their victims too. One download installed a program called “chatGPT1.” It provides no AI utility but does secretly subscribe its target to numerous paid services in what’s known as SMS billing fraud.

Those looking to actually use ChatGPT without getting scammed should go directly to the OpenAI website at the url https://chat.openai.com, or its recently acquired domain, AI.com.

As ChatGPT continues to grow its user base and especially so after unveiling a paid element via its $20 per month subscription plan, users should be alert for bad faith actors looking to steal their information and cash in on the AI trend.