Researchers Observe Massive Malware Written for the Android Platform Trying to Impersonate the ChatGPT App
Posted Date – 11:15 PM, Fri – 6/16/23
New Delhi: Researchers have observed a surge in malware written for the Android platform trying to target smartphone users by impersonating the popular AI chatbot ChatGPT app, according to a new report on Friday.
According to researchers at Palo Alto Networks Unit 42, these malware variants emerged with the release of OpenAI’s GPT-3.5 and GPT-4, infecting victims interested in using the ChatGPT tool.
Researchers found two types of active malware — a Meterpreter trojan masquerading as a “SuperGPT” app, and a “ChatGPT” app that sends messages to premium numbers in Thailand.
Additionally, the report mentions that researchers discovered a malicious Android Package Kit (APK) sample that turned out to be a Trojanized version of a legitimate app.
The legitimate app is an AI assistant built on the latest version of ChatGPT. If exploited successfully, a malicious version of this application would allow attackers to remotely access Android devices.
The researchers also found another set of APK malware samples. On the surface, the malware appears to be displaying a webpage with a description of ChatGPT. However, according to reports, there are sinister intentions behind this threat.
Additionally, all of these APK samples use the OpenAI logo often associated with ChatGPT as their application icon, adding to the deceptive narrative that the app is associated with the ChatGPT AI tool.
These APK malware samples are capable of sending text messages to premium numbers in Thailand.
Toll numbers charge more than regular phone numbers in exchange for a service (for example, a user provides information).
The businesses behind it collect revenue, but this can also be misused for scams and fraudulent activities, the report said.
