Fake ChatGPT apps are spreading malware that can steal your money and passwords

A picture of a robot showcasing rogue AI
(Image credit: Shutterstock)

The recent surge in the popularity of ChatGPT has caught the attention of hackers, who are now using the AI chatbot to spread both Android and Windows malware.

Launched back in November of last year by OpenAI, ChatGPT is an AI tool that produces human-like text after being trained on the GPT-3.5 learning model. This new AI chatbot has taken the world by storm, and it’s become so popular that OpenAI has even launched a paid tier called ChatGPT Plus which removes availability restrictions.

Using the free version of ChatGPT can be difficult as you often have to wait, and hackers have seized on this opportunity. Instead of paying or waiting in line, they’re now offering unsuspecting users a chance to use ChatGPT right now through fake apps and phishing sites designed to spread malware.

Malicious apps and fake sites claiming to be the real ChatGPT

smartphone malware

(Image credit: Shutterstock)

As reported by BleepingComputer, security researcher Dominic Alvierie discovered that hackers are using the domain “chat-gpt-pc[.]online” to infect those who want fast access to ChatGPT with the Redline info-stealing malware.

This fake site was promoted through a Facebook page that impersonated OpenAI by using official ChatGPT logos. However, instead of downloading a ChatGPT client for Windows, users in a rush to use the AI chatbot actually end up installing malware onto their PC.

Hackers are also abusing the Google Play Store and third-party app stores to distribute fake ChatGPT apps. In a new report, the cybersecurity firm Cyble has revealed that it found over 50 malicious apps using ChatGPT’s logo and name to commit fraud and distribute malware.

Some examples include “chatGPT1” that carries out SMS billing fraud on devices where the app is installed and “AI Photo” that actually contains the Spynote malware which is capable of stealing call logs, contacts, text messages and files from an Android smartphone.

Like Alvierie, Cyble also found a number of fake sites impersonating ChatGPT. For instance, “chatgpt.go[.]online” distributes the Aurora stealer which can steal clipboard data and “chat-gpt-pc[.]online” that installs the Lumma stealer. Meanwhile, “openai-pc-pro[.]online” drops an unknown malware family.

How to safely and securely access ChatGPT

ChatGPT running on phone with laptop in the background

(Image credit: Shutterstock)

Hackers often try to instill a sense of urgency in their phishing campaigns and other attacks but in this case, the limited availability of ChatGPT has done their job for them. People are eager to try out the new AI chatbot and are looking for ways to cut the line to get access now.

Unfortunately, the only way to do so is to pay $20 a month for ChatGPT Plus or to meet the requirements set by Microsoft to get access to the new Bing with ChatGPT. Even then though, you will still likely have to wait.

As for apps for your smartphone and programs for your computer, ChatGPT is only available either via the Bing app (though again you will likely have to join the waitlist for access to Bing's ChatGPT-powered chatbot, even on the mobile app) or online at “chat.openai.com” at the moment. While this could change in the future, as of now any app, software or site claiming to be ChatGPT is a fake that should be avoided at all costs.

If you do go down the rabbit hole looking for quick and easy access to ChatGPT, you should ensure that you have the best antivirus software installed on your PC or one of the best android antivirus apps on your Android smartphone to protect both your devices and your data.

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.