Scammers are capitalizing on the runaway popularity of and interest in ChatGPT, the natural language processing AI — impersonating it in order to infect victims with a Trojan malware called Fobo, in order to steal login credentials for business accounts.
ChatGPT is the world’s most advanced chatbot, published by developers OpenAI back in November. It’s been a resounding success: It’s regularly overloaded with users demanding that it write marketing copy, or poems, or answer questions about philosophy. (In fact, OpenAI has developed a $20-per-month subscription plan for users who want to bypass these slowdowns.) And a meme has been making the Internet rounds recently, about how long it took the world’s biggest apps to reach 1 million users. Netflix, for example, took 3.5 years. Facebook, 10 months. Spotify, five months. ChatGPT? Five days.
In the same way they do any big news item — COVID-19, the Ukraine war, take your pick — hackers have twisted the popularity of ChatGPT into phishing bait. And now, according to a blog post from Kaspersky, a fresh campaign is utilizing social media impersonation to lead unsuspecting victims to a fake ChatGPT landing page, where “signing up” means downloading an info-stealing Trojan called Fobo. The Trojan seeks out business account credentials, which could be used for follow-on attacks of a greater scale.
According to the report, this blatant scam has already spread to Africa, the Americas, Asia, and Europe.
Faking ChatGPT to Hack Business Accounts
The researchers at Kaspersky have observed grifters running social media accounts that either impersonate the OpenAI/ChatGPT brand directly or pretend to be communities for fans of the program.
Sometimes, the accounts post neutral content relating to ChatGPT, with a malicious link at the bottom. Other times, according to the blog post, they post “fake credentials for the pre-created accounts that are said to provide access to ChatGPT. To motivate potential users even further, the attackers say that each account already has US $50 on its balance, which can be spent on using the chatbot.”
The real program has an entirely optional subscription plan but is otherwise free to use for the general public.
Unwitting social media users who follow the malicious links in these posts land on a ChatGPT homepage, which is like for like with the real thing in almost every way.
Clicking the “download” button — suspicious in itself, as ChatGPT has no desktop client — triggers the installation of an executable file.
“If this archive is unpacked and the executable file run,” according to Kaspersky researchers, “then, depending on the version of Windows, the user sees either a message saying installation failed for some reason, or no message at all — at which point the process seems to end.”
Behind the scenes, however, a Trojan horse has been unleashed. The Trojan looks for login credentials for apps like Google, Facebook, and TikTok, stored in the victim’s browser. But in particular, Kaspersky explained, it’s looking for usernames and passwords for business accounts.
With employee usernames and passwords, the attackers could possibly perform more significant follow-on attacks against enterprises.
“On finding a business account in one of these services,” the researchers explained, “it tries to get additional information, such as how much money was spent on advertising from the account and what its current balance is.”
How to Avoid ChatGPT Scams
That the perpetrators of this campaign chose ChatGPT as their vehicle is no coincidence. Among its many more frivolous uses, the chatbot has proven popular in business settings. Employees are using it to write emails, copy, and marketing materials faster, support interviews and research projects, and much more.
To avoid engaging with a malicious fake, though, Kaspersky recommended avoiding “offers” like those from this story, utilizing security software, and not clicking on links — better to go through a search engine or type the URL straight into your browser.
As of this writing, Kaspersky has not responded to a direct request for comment by Dark Reading. So, in substitute, we asked the ChatGPT bot to provide insight on the matter. It had this to say:
“In conclusion, the rise of hackers impersonating ChatGPT to steal login credentials is a serious threat that should not be underestimated. The implications of such attacks are far-reaching and potentially devastating for individuals, organizations, and even entire industries. As technology continues to evolve, we can expect these types of attacks to become more sophisticated and difficult to detect. It is, therefore, imperative that individuals and organizations take proactive measures to protect themselves, such as regularly changing passwords, enabling two-factor authentication, and staying vigilant for signs of phishing attacks. Only by working together and taking these steps can we hope to mitigate the risks posed by hackers impersonating ChatGPT and other forms of cybercrime in the future.”
