WARNING! Hackers using “fake” ChatGPT to spread malicious code on Android vs Windows

ChatGPT has attracted the majority of users since its launch in November 2022, becoming the fastest growing app in history with over 100 million users by January 2023.

The popularity and high user speed forced OpenAI to launch ChatGPT Pluss, a paid version with 20 USD/month for users who want to use the chatbot without limited features.

This move allows hackers to abuse the popularity of this tool with free and uninterrupted access to ChatGPT.

Security researcher Donimic Alvieri was one of the people who discovered the process of spreading malware on user devices. Upon accessing the “chat-gpt-pc.online” domain, the Redline credentials-stealing malware downloads to the ChatGPT client on Windows PCs.

The website is attached on a fanpage with an avatar of the ChatGPT logo to trick users into scrolling. Alvieri also discovered fake ChatGPT apps being advertised on Google Play and third-party Android app stores.

Researchers at Cyble also discovered more about the malware distribution campaign detected by Alvieri, as well as activities abusing ChatGPT’s popularity. Cyble said that if a user visits the “chatgpt-go.online” domain, the site will distribute malware aimed at stealing data on your device.

In addition, Cyble discovered the website “pay.chatgptftw.com” intended to steal credit cards, when users access payment to buy ChatGPT Plus.

ChatGPT is just an online based tool available only at “chat.openai.com” and is available with any mobile or PC app.

Any other app or website claiming to be ChatGPT is “fake”, intended to deceive users or infect malware, and users should not arbitrarily download it to their devices.