ChatGPT getting used in Phishing Campaigns

Researchers have warned of new Windows and Android phishing campaigns using ChatGPT to trick users into unwittingly downloading malware and handing over their credit card details.

Several of the phishing sites are being spread by a fake social media page spoofed in the name of ChatGPT developer OpenAI that tries to build credibility by including a mix of content, such as videos and other unrelated posts.

After a deeper analysis, it’s been revealed that some posts on the page contain links that lead users to phishing pages that impersonate ChatGPT. These phishing pages trick users into downloading malicious files onto their machines.

The links are typo squatted to make the victim think they are being taken to an official ChatGPT site where they can download the much-talked-about tool. Clicking on this will install stealer malware on the victim’s machine.

Another phishing site features a Try ChatGPT button which installs the Lumma stealer, while other variations are being used to spread the Aurora stealer variant, the Clipper Trojan, and others.

Researchers also spotted 50 fake Android apps spoofing the ChatGPT brand to sneak potentially unwanted programs, adware, and spyware onto victims’ devices, as well as commit billing fraud.

By posing as ChatGPT, these threat actors seek to deceive users into thinking that they are interacting with a legitimate and trustworthy source when they are being exposed to harmful and malicious content. Victims of these malicious campaigns could suffer financial losses or even compromise their personal information, causing significant harm.

This research was documented by researchers from Cyble

Indicators of Compromise

• cebddeb999f4809cf7fd7186e20dc0cc8b88689d d1b1813f7975b7117931477571a2476decff41f124b84cc7a2074dd00b5eba7c
• c57a3bcf3f71ee1afc1a08c3a5e731df6363c047 3ec772d082aa20f4ff5cf01e0d1cac38b4f647ceb79fdd3ffd1aca455ae8f60b
• aeb646eeb4205f55f5ba983b1810afb560265091 ae4d01a50294c9e6f555fe294aa537d7671fed9bc06450e6e2198021431003f9
• 189a16b466bbebba57701109e92e285c2909e8a2 46200951190736e19be7bcc9c0f97316628acce43fcf5b370faa450e74c5921e
• afa741309997ac04a63b4dd9afa9490b6c6235c1 34b88f680f93385494129bfe3188ce7a0f5934abed4bf6b8e9e78cf491b53727
• 23f50f990d4533491a76ba619c996b9213d25b49 53ab0aecf4f91a7ce0c391cc6507f79f669bac033c7b3be2517406426f7f37f0
• f1a5a1187624fcf1a5804b9a15a4734d9da5aaf6 60e0279b7cff89ec8bc1c892244989d73f45c6fcc3e432eaca5ae113f71f38c5
• hxxps://openai-pc-pro[.]online
• hxxps://chat-gpt-pc[.]online
• hxxps://chatgpt-go[.]online
• hxxp://chatgpt-go.online/clip[.]exe
• hxxp://chatgpt-go.online/java[.]exe
• hxxps://rebrand[.]ly/qaltfnuChatGPTOpenAI