Cyber threat actors are using a desktop app masquerading as an official client for OpenAI’s ChatGPT to run a malicious campaign. Attackers are enticing users to install a Trojan stealer in the guise of being able to use the ChatGPT app on Windows, which officially does not exist.
The campaign is aimed at stealing users’ credentials stored on Chrome, Edge, Firefox, Brave, and other browsers, Kaspersky shared in a blog post.
Threat actors are also interested in Facebook, TikTok, and Google cookies and accounts, particularly business accounts. The Trojan steals usernames and passwords. Additionally, it tried to access information about the money spent on advertising from the account and its current balance.
The campaign has been spotted in Asia, Africa, Europe, and America; the report shared.
(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)
Cybercriminals are creating groups on social media networks mimicking OpenAI’s accounts to share posts enticing users into downloading a supposed “ChatGPT desktop client”. Additionally, threat actors are also sharing fake links for pre-created accounts that are said to provide access to ChatGPT.
These links with plausible URLs open up well-made fake websites inviting users to download ChatGPT for Windows using links that download an executable file containing the stealer Trojan.
To motivate potential users even further, attackers are posting that these pre-created accounts already have $50 on their balance to use ChatGPT without the trouble of creating an account or paying to use premium features.
The premise for the campaign is user interest in OpenAI’s ChatGPT chatbot, which is technically available for free after creating an account on its website. However, due to a large inflow of users, OpenAI introduced a subscription plan with priority access and faster text generation.
Currently there are no official or third-party clients for ChatGPT for Desktop or mobile users and the chatbot can be accessed only on OpenAI’s website.
COMMents
SHARE