Malicious Fake ChatGPT Apps: 7 AI Malware Scams to Avoid

7 Malicious Fake ChatGPT Apps Explained
Fraudsters exploit ChatGPT for more than writing malware or scam email texts

The public release of ChatGPT made a sensation back in 2022; it is not an exaggeration to say it is a gamechanger. However, scammers go wherever large numbers of people do. Fake ChatGPT services started popping up here and there, and they keep appearing even now. So, what is a ChatGPT virus? How dangerous are these fakes? Let’s review the most noticeable examples.

Fake ChatGPT Sites: From Money Scams to Malware

The wave of hype around the public release of ChatGPT attracted a lot of attention, though not everyone was able to use it right away. People in many countries were hunting for access to the novel technology, and it was quite obvious that rascals would find a way to scam those in a hurry. This started the wave of malicious fake ChatGPT apps, which has now evolved into more sophisticated and diverse frauds.

Let’s talk about the typical profile of such a scam. The webpage involved typically has a strange URL that contains the ChatGPT or OpenAI name and is commonly registered on a cheap TLD – .online, .xyz or the like. The website itself is kept extremely simple, with minimal detail and only a few buttons to click on. All the activity on the website boils down to 2 things: downloading a file or paying a certain sum of money that will never be seen again.
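The URL profile described above can be turned into a simple triage check. The following is an added example, not code from the article or from any vendor tool; the allowlist of official domains, the score weights and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions made for this example, not taken from the article:
# the allowlist of official domains and the score weights.
OFFICIAL = {"openai.com", "chatgpt.com"}
BRANDS = ("chatgpt", "openai")        # names the article says scam URLs contain
CHEAP_TLDS = {"online", "xyz"}        # cheap TLDs the article names

def refang(indicator):
    """Convert a defanged indicator such as 'a[.]example' to a bare hostname."""
    text = indicator.strip().lower().replace("[.]", ".").replace("hxxp", "http")
    if "//" not in text:
        text = "//" + text            # make urlsplit treat it as a network location
    return (urlsplit(text).hostname or "").rstrip(".")

def is_official(host):
    """True only for an allowlisted domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

def assess(indicator):
    """Return (score, reasons); 0 means nothing in the profile matched."""
    host = refang(indicator)
    if not host or is_official(host):
        return 0, []
    # Drop dots, hyphens and digits so 'chat-gpt-pc' still matches 'chatgpt'.
    squashed = re.sub(r"[^a-z]", "", host)
    brands = [b for b in BRANDS if b in squashed]
    if not brands:
        return 0, []
    score, reasons = 2, ["brand name %s on unofficial host %s" % (brands, host)]
    tld = host.rsplit(".", 1)[-1]
    if tld in CHEAP_TLDS:
        score += 1
        reasons.append("cheap TLD ." + tld)
    return score, reasons

# Defanged domains from the article plus constructed controls.
SAMPLES = [
    "chat-gpt-pc[.]online", "openai-pc-pro[.]online", "chatgpt-go[.]online",
    "pay[.]chatgptftw[.]com",          # brand name but ordinary TLD
    "https://chat.openai.com/",        # official subdomain (constructed control)
    "openai.com.login[.]xyz",          # constructed: official name used as a prefix
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, *assess(s))
```

The payment-scam domain scores lower than the .online ones because it sits on an ordinary TLD, which is why the brand-name check carries more weight than the TLD check.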

In some cases, fraudsters opt for spreading mobile malware under the guise of a genuine app from OpenAI. This was especially profitable before the official one was released, but such frauds still go on these days. In the best case scenario, they just charge a sum of money for a cheap shell over GPT 3.5 API, which is free. Worse situations include no functionality at all, chargeware activity of the app, or a spyware/infostealer hidden inside.

I will begin by reviewing the examples of fake ChatGPT sites and apps that spread outright malware. There are also a couple that end in a financial scam; you will see them later in the list.

Chat-gpt-pc[.]online

Probably one of the earliest malicious fake ChatGPT sites, detected a year ago, in early February 2023. On a fairly well-designed site, fraudsters were offering a download of a desktop client for the chatbot. For people who were not aware that the original chat is available only on OpenAI’s website, this was a seemingly legit offer. However, upon downloading and installing the supposed client, the victims were infected with RedLine Stealer. Most of the instances were promoted through Facebook ads and groups and, in some regions, via SEO poisoning.

Openai-pc-pro[.]online

One more malicious website that copies the design of the original OpenAI page and effectively repeats the first one in our list. Aside from the same page design, it offered a download of the “desktop client” for the chatbot. As you may guess, the downloaded file contained malware, specifically RedLine Stealer. Since both were promoted from the same Facebook group with ChatGPT-related naming, I suspect they belong to the same malware spreading campaign.

Chatgpt-go[.]online

A malicious website that copied the design of the original OpenAI page with the ChatGPT dialogue box, but without the usual input prompt. Instead of the latter, there was a button labeled “TRY CHATGPT”, which triggered a malware download. Several other interactive elements across the site also downloaded the malware. Among the payloads from that site, I detected Lumma Stealer and several clipper malware samples. The main promotion channel this time was malicious Google Ads.

Pay[.]chatgptftw[.]com

A fake ChatGPT site that contrasts with the three previous examples. Instead of spreading malware, this one tries to gather users’ payment information. By mimicking a billing page that allegedly takes payment for accessing the technology, fraudsters collect the complete set of banking info, including usernames and email addresses. The promotion channels for such scams were the same: groups and ads on Facebook.

SuperGPT (Meterpreter inside)

An example of malware disguised as the SuperGPT Android app, which is a legit AI assistant derived from the original GPT model. It was rather obvious that scoundrels would take advantage of poor app moderation on Google Play in this case. The only questions were where and how the fraudsters would exploit it. On the surface, the app looks the same as the original one. In fact, though, it contains Meterpreter malware – a RAT/backdoor designed specifically for Android.

AI Chatbot

A recent semi-scam iOS program that looks like yet another ChatGPT-like application. Even though there is an official app, and people are now more aware of GPT 3.5 being free, this thing does its job pretty well. It is hard to call it an outright scam or malware, as people deliberately give up the money. But the pricing of $50 for accessing the 3.5 model, along with the rather limiting interface, makes it a rather junky program to use.

ChatGPT1

Another example of malware that targets Android devices, but this time it falls under the designation of chargeware. This peculiar mobile-specific type of malware brings money to its devs by draining users’ mobile accounts and banking cards with covert subscription services. ChatGPT1 specifically does that by sending SMS messages to a premium number, each of them costing a pretty penny.

How to Detect and Avoid Malicious Fake ChatGPT Apps?

Even though the brainchild of OpenAI has been around for over a year now, it is still a profitable topic for fraudsters. Promises of access to a paid AI model for free or at a discount may sound attractive, but will inevitably have certain drawbacks. Such tricky services may range from a softcore swindle to outright malicious tricks. Here are a few tips to follow each time you encounter an AI-related service.

If the offer is too good to be true, it is most likely not true. Who would ever offer access to paid AI models at miserable prices? In legit cases, this still requires paying for the API access, and splitting the account may lead to lags and delays. But most of the time, fraudsters will take your money and give you a free/less expensive model, or nothing at all.

Be vigilant about the apps you download and install. A file from some shady site with a strange URL that is allegedly a desktop ChatGPT version is full of red flags. Even if you encounter a seemingly legit offer, but on a strange domain or Google Play listing, be careful with the files they spread. Consider scanning such a download on our free Online Virus Scanner.

By Stephanie Adlam

I write about how to make your Internet browsing comfortable and safe. The modern digital world is worth being a part of, and I want to show you how to do it properly.
