ChatGPT, an AI tool launched by OpenAI in November 2022, has become a popular target for various threat actors (TAs) looking to distribute malware or carry out other cyberattacks. Cyble Research and Intelligence Labs (CRIL) has discovered phishing websites promoted through a fraudulent OpenAI social media page, which mislead users into downloading malicious files onto their machines.
Several phishing sites also impersonate ChatGPT to steal credit card information. Additionally, some Android malware families use the ChatGPT icon and name to deceive users into believing they are legitimate applications.
CRIL found an unofficial ChatGPT social media page with many likes and followers. Although the page appears to be trying to build credibility by posting videos and other unrelated content, some posts contain links to phishing pages that impersonate ChatGPT. These pages prompt users to download malicious files that can infect their devices.
CRIL also investigated various typosquatted domains related to OpenAI and ChatGPT and discovered that they were being used in phishing attacks. These phishing sites distributed various malware families, including Lumma Stealer, Aurora Stealer, and clipper malware.
The increasing popularity of ChatGPT, which can answer a wide range of questions and help users improve their productivity, has attracted many legitimate users. That same popularity has also made it an attractive target for TAs.
CRIL’s discovery highlights the need for users to exercise caution when downloading files from unverified sources, clicking on suspicious links, or entering personal information on suspicious websites. The organization also advises users to use only official pages and verified links related to ChatGPT to avoid falling victim to phishing scams or malware attacks.