February 27, 2023
According to cybersecurity researcher Dominic Alvieri, hackers are using hundreds of newly registered domains with the term “ChatGPT.” While not all of these domains will be weaponized for malicious purposes, some of them already are.
Alvieri shared his findings on Twitter about fake ChatGPT websites that try to spread malware and steal victims’ personal information. The hackers created fake ChatGPT apps that were disguised as legitimate ones and distributed them through social media platforms, chat groups, and other channels.
After users downloaded and installed the fake app, malware would be installed on their device, allowing it to steal personal information and perform other malicious actions. Users should only download apps from trusted sources and exercise caution when downloading apps from unknown sources.
According to Alvieri, one such website, “chat-gpt-pc.online,” attempted to persuade visitors to its page that ChatGPT was available as a downloadable local Windows application. Alvieri discovered that this download would infect users with the information-stealing malware RedLine. This malware essentially steals information from users’ applications, such as their web browser.
That website was promoted by a Facebook page that used official ChatGPT logos to redirect users to the malicious site. Alvieri also discovered fake ChatGPT apps being promoted on Google Play and third-party Android app stores in order to install malicious software on users’ devices.
The domain identified by Alvieri also resulted in the delivery of Lumma stealer malware. Attackers have also used the “chatgpt-go[.]online” domain to distribute Aurora stealer and clipboard content-stealer malware, while the “openai-pc-pro[.]online” domain has been used to distribute mysterious malware.
The sources for this piece include an article in Mashable.
