Palo Alto Networks, the global cybersecurity leader, has released a blog titled ‘Android Malware Impersonates ChatGPT-Themed Applications’ The blog highlights the surge in Android malware that is pretending to be the popular AI Chatbot ChatGPT. The malware emerged following the release of OpenAI's GPT-3.5 and GPT-4, targeting users interested in using the ChatGPT tool.
The blog provides an analysis of two active malware clusters: a Meterpreter Trojan disguised as a "SuperGPT" app and a "ChatGPT" app that sends premium-rate text messages to numbers in Thailand, resulting in charges for the victims that are pocketed by threat actors. Considering, Android users can download applications from various sources other than the official Google Play store, there is potential for users to obtain applications that have not been vetted by Google.
Key findings from the blog include:
- Impersonation of ChatGPT: A new android malware has emerged, disguising itself as ChatGPT. This surge coincided with the release of OpenAI's GPT-3.5 and GPT-4, targeting users interested in ChatGPT.
- Meterpreter Trojan: The malware includes a Meterpreter Trojan disguised as a "SuperGPT" app. It enables remote access to infected Android devices upon successful exploitation.
- Certificate Attribution: The digital code-signing certificate used in the malware samples is associated with an attacker identified as "Hax4Us." The certificate has been used across multiple malware samples.
- SMS to Premium-Rate Numbers: A cluster of malware samples, masquerading as ChatGPT-themed apps, sends SMS messages to premium-rate numbers in Thailand. These numbers incur charges for the victims, facilitating scams and fraudulent activities.