Android malware mimics ChatGPT apps to target smartphone users: Report
Researchers have found two types of active malware -- one is a Meterpreter Trojan and the other is a "ChatGPT" app that sends messages to premium-rate numbers in Thailand.
NEW DELHI: Researchers have observed a surge of Android malware that impersonates the popular AI chatbot ChatGPT to target smartphone users, a new report showed on Friday.
According to researchers from Palo Alto Networks Unit 42, these malware variants emerged along with the release by OpenAI of GPT-3.5, followed by GPT-4, infecting victims interested in using the ChatGPT tool.
Researchers have found two types of active malware -- one is a Meterpreter Trojan disguised as a "SuperGPT" app, and the other is a "ChatGPT" app that sends messages to premium-rate numbers in Thailand.
Moreover, the report mentioned that the researchers uncovered a malicious Android Package Kit (APK) sample, which turned out to be a Trojanised version of a legitimate application.
The legitimate application is an AI assistant built on the most recent version of ChatGPT. If exploitation is successful, the malicious version of this application allows the actor to gain remote access to an Android device.
Another cluster of APK malware samples was also discovered by the researchers. On the surface, the malware appears to be displaying a webpage with a description of ChatGPT. However, this threat hides a sinister intent beneath it, according to the report.
In addition, all of these APK samples use the OpenAI logo, which is frequently associated with ChatGPT, as their application icon, adding to the deceptive impression that these applications are associated with the ChatGPT AI tool.
These APK malware samples are capable of sending SMS messages to premium-rate numbers in Thailand.
Premium-rate numbers cost more than regular phone numbers, and the charge is made in exchange for some sort of service (e.g., users providing information).
The business behind the number collects the earnings, but this can also be abused to conduct scams and fraudulent activity, the report said.