Fake app, real malware: a new ChatGPT scam!
For now, ChatGPT, OpenAI’s AI solution, is only available on browser and for free. A paid option, at $20 per month, is offered by the company, but no official mobile application has yet been deployed. However, on the Android and iOS stores, dozens of applications abound, going so far as to use the codes of the OpenAI brand.
Malware, scams and credential theft
It was cybersecurity researcher Alex Kleber who, in a recent report, identified a large-scale scam on the Apple Store. A large number of applications, offering a chatbot service powered by GPT-4, are in reality only clones. Behind these tools, the same developer who, behind several accounts, deceives the user by taking over the visual codes of OpenAI.
The Ongoing Saga of the Dark Side of the Mac App Store: New Scam Apps and Shady Tactics Used by Developers to Exploit Unsuspecting Usershttps://t.co/eJAvYm6at4
— Alex Kleber aka Privacy 1st (@privacyis1st) May 2, 2023
The application, once downloaded, of course does not keep its promises. These are only low-end imitations, the sole purpose of which is to enrich the scammer. The user is incentivized to pay for accessing a premium version which, in reality, does not provide any additional functionality. According to Alex Kleber, these scams generate significant sums and, icing on the cake, are not challenged by the Apple Store moderation teams.
Beware of your data on ChatGPT
If you want to use ChatGPT, then stick to the official version of the tool, offered by Open AI. Be careful though, this is an AI in the development phase, it is therefore possible that the data shared with the bot will be used by the company for analysis purposes. Never share confidential or sensitive information with the robot.
Be careful also with the many extensions linked to ChatGPT, especially on Chrome! If these are, for the most part, indeed connected with the chatbot, they do not however depend on OpenAI. It is then difficult to know if the developer is trustworthy, but also what is the privacy policy of this or that tool. Some Chrome extensions can also represent real security risks for your devices.
We therefore repeat the procedure: install only useful and trusted applications, avoid browser extensions requiring access to sensitive features, limit superfluous solutions. Simple gestures that save your data!