ChatGPT is an OpenAI chatbot that uses internet data to generate text and can answer many questions and create content on various topics. However, malicious actors can also exploit this technology to write code with malicious intent, create viruses, or develop harmful apps and websites such as fake ChatGPT. For example, Cyberangel reported that hackers took control of 4 million Facebook accounts by tricking users into downloading fake ChatGPT apps disguised as Chrome extensions. The hackers then replaced the accounts' usernames and profile pictures with photos of Lily Collins. Cybercriminals use this tactic to steal personal information and bypass two-factor authentication.
What are Fake ChatGPT apps and websites?
Currently, no official ChatGPT app is available for download via the Google Play Store or App Store. The chatbot is exclusively accessible through its official webpage.
Trend Micro researchers have found more fake ChatGPT apps lately. Some have been identified as malicious Trojan viruses, while others as Potentially Unwanted Applications (PUAs). These apps may not be considered malware, but they still present certain privacy and security risks. Below are some examples of malicious fake ChatGPT apps:
Here are some fake ChatGPT app logos:
Along with fake ChatGPT apps, researchers have also discovered suspicious ChatGPT websites designed to install malware on your computer, putting your personal information at risk. Also, there were fraudulent payment pages masquerading as legitimate upgrade options for ChatGPT Plus, but instead, they put your money or data at risk.
What happens if you accidentally install fake ChatGPT apps or visit a fake ChatGPT website?
- Malware Infection - A fake ChatGPT app or website can install harmful malware on your device, exploiting any vulnerability in your device's operating system or web browser, thereby enabling hackers to take control of your device.
- Identity Theft - Your personal information, such as your name, email address, and phone number, may be collected by the fake ChatGPT app or website without your knowledge, which can then be used for malicious activities like phishing scams.
- Money loss – If you unintentionally provided your financial information, such as your credit card information, to a fake ChatGPT website, this could lead to fraudulent charges and unauthorized transactions.
How can Trend Micro protect you?
Trend Micro can detect and protect you against fake/malicious apps and phone malware, but we recommend following these best practices to avoid further infections:
- Download apps from trusted sources only, such as Google Play Store or App Store.
- Always check the app developer's name and app reviews before you install.
- Update Trend Micro Mobile Security regularly and allow all needed permissions.
- For Android devices, make sure to enable and use Trend Micro Pay Guard and SafeSurfing for iOS, which has the integrated Pay Guard to secure all your financial transactions online.
- Enable Web Guard to block dubious websites before they install harmful apps.