ChatGPT, the new tool of Artificial Intelligence that allows you to chat with a system that can answer any question you ask, aroused great interest since its appearance for its surprising capacity and for the possible forms of use in different scenarios.
This attraction and massive interest, as always happens, is also taken advantage of by cybercriminals who seek to take advantage of the popularity of this technology to commit some type of fraud.
In this context, ESET, a company in proactive threat detection, shared three examples of how different scammers are using ChatGPT as a lure to attract potential victims.
The massive interest in ChatGPT is exploited to commit some kind of fraud. Photo: Archive.
1 . Fake ChatGPT extensions in Chrome
A malicious extension for Google Chrome called "Quick Access to Chat GPT" was recently discovered, offering direct access to ChatGPT. While the extension provides the functionality it promises, the main goal is to steal accounts from Facebook and other services.
The criminals then used these stolen accounts to create bots and deploy more malicious ads across the social network that distribute malware and steal credentials. The extension, which has since been removed from Chrome's official repository, was available for six days and recorded an average of 2,000 daily installs.
This add-on collected browser information, such as cookies from open sessions of any active services (such as Facebook) and sent this information to a server of the attacker. It's a campaign that started in February and includes other malicious Chrome extensions that also use the ChatGPT name.
In this context, the Head of the Research Laboratory of ESET Latin America Camilo Gutiérrez Amaya warned that "it would not be strange that there is another malicious extension in activity or that a new one may appear in the near future. So you have to be very careful with the extensions we install in our browser."
ChatGPT is not available through an app. However, they take advantage of this scenario to distribute fake apps. Photo: Archive
2. Fake ChatGPT Social Media Sites and Profiles
The presence of pages on social networks such as Facebook that promote content on this tool was detected, but that are also used to distribute links and ads that lead to sites that impersonate ChatGPT.
Some of these pages seek to trick victims into downloading malicious files to their computers. Some of these sites downloaded malware that steals credentials from the infected computer.
"It is worth mentioning that due to the demand that exists for ChatGPT and that many people cannot access the service due to the volume of people interested in using the tool, OpenAI now offers the possibility to pay to access the Plus version," said Amaya.
In this sense, he warned that this is also used by attackers to try to steal the financial data of the card through false forms, "adds Gutierrez, of ESET Latin America.
3. Fake ChatGPT mobile apps
At the moment ChatGPT is not available through an app for phones. However, cybercriminals are taking advantage of this scenario to distribute fake Android apps that download malicious software to smartphones.
Cyble researchers detected more than 50 malicious apps that used the ChatGPT logo that had as their ultimate goal to perform some type of fraudulent activity.
Another case reported by Gizmodo, a technology weblog that deals with consumer electronics issues, revealed that the App Store distributed an app of dubious reputation that uses, the name of ChatGPT for free, but that after three days charges subscription fees.
At the end, from Eset, they warned that although these are some of the ways that – so far – the attackers have explored, new cases will surely appear or even other ways to take advantage of interest and curiosity to commit some type of crime.
Therefore, they advised that people should be vigilant and wary of search results, ads that show Google results or on social networks.
"You should also pay attention to the links that are shared in groups where you discuss this topic or any app that promises to install this chatbot on the phone or as software on the computer," Amaya concluded.
LN
See also