Attackers leverage the popularity of OpenAI’s ChatGPT chatbot to spread malware for Windows and Android or redirect innocent victims to phishing pages. ChatGPT has grown in popularity since launching in November 2022 and has become the fastest growing consumer app in modern history with over 100 million users by January 2023.

This huge popularity and rapid growth has forced OpenAI to downsize the tool and launch a $20 per month paid tier (ChatGPT Plus) for people who want to use the chatbot without accessibility restrictions.

This move created the conditions for attackers to capitalize on the popularity of the tool by promising hassle-free and free access to premium ChatGPT. The offers are dangerous and designed to trick users into installing malware or providing account credentials. Security researcher Dominic Alvieri was one of the first to notice such an instance of the domain “chat-gpt-pc.online” being used to infect visitors with the Redline malware, which steals information in the download format for the ChatGPT Windows desktop client.

This website is promoted by a Facebook page that uses official ChatGPT logos to trick users into redirecting them to a malicious site.

.

Alvieri also noticed fake ChatGPT apps advertised on Google Play and third-party Android app stores to transfer questionable software to people’s devices.

Cyble researchers have released a related report today in which they present additional findings regarding the malware distribution campaign discovered by Alvieri, as well as other malicious processes that are taking advantage of ChatGPT’s popularity. Cyble discovered ‘chatgpt-go.online’, which distributes the malware that steals the contents of the clipboard and the Aurora hacker. Also, “chat-gpt-pc[.]Online provided by the Lumma hacker in Cyble tests”. Another domain name “openai-pc-pro[.]online” releases an unknown malware family.