Security researchers warn of new phishing campaigns for Windows and Android that use ChatGPT to trick users into unknowingly downloading malware and handing over their credit card details.
Cybersecurity firm Cyble said several phishing sites were spread by fake social media pages impersonating ChatGPT developer OpenAI.
“The page appears to be trying to build credibility by including various content such as videos and other unrelated posts,” it said.
“However, upon closer inspection, it became apparent that some of the posts on the page contained links directing users to phishing pages impersonating ChatGPT. into downloading a malicious file onto your machine.”
These links are typosquatted to make victims believe they are directed to the official ChatGPT site where they can download the tool in question. In fact, they direct users to a site disguised as her real OpenAI website. This website has a “Download for Windows” button.
Cyble said that clicking this would install stealer malware on the victim’s machine.
Another phishing site has a “Try ChatGPT” button that actually installs the Lumma stealer, but other variations are used to spread Aurora stealer variants such as the Clipper Trojan.
Cyble warns that another phishing campaign also uses fake ChatGPT-related payment pages designed to steal victims’ money and credit card information.
Security vendors have also uncovered 50 fake Android apps masquerading as the ChatGPT brand in order to sneak potentially unwanted programs, adware, spyware onto victims’ devices and commit billing fraud.
“By posing as ChatGPT, these threat actors attempt to trick users into thinking they are interacting with a legitimate and trusted source when they are actually exposed to harmful and malicious content. ,” concludes Cyble.
“Users who fall victim to these malicious campaigns may suffer financial losses or put their personal information at risk, causing significant harm.”
ChatGPT actually poses a double phishing threat. Similar to scammers using this as a lure, security experts previously warned that a budding cybercriminal could use his AI techniques to generate convincing phishing his campaigns. Did. many.
