New Android malware has emerged that disguises itself as ChatGPT, according to a Palo Alto Networks blog titled ‘Android Malware Impersonates ChatGPT-Themed Applications’. The malware appeared following the release of OpenAI’s GPT-3.5 and GPT-4, targeting users interested in using the ChatGPT tool.
The malware includes a Meterpreter Trojan disguised as a “SuperGPT” app. It enables remote access to infected Android devices upon successful exploitation. The digital code-signing certificate used in the malware samples is associated with an attacker identified as “Hax4Us.” The certificate has been used across multiple malware samples. A cluster of malware samples, masquerading as ChatGPT-themed apps, sends SMS messages to premium-rate numbers in Thailand. These numbers incur charges for the victims, facilitating scams and fraudulent activities.
The two active malware clusters analysed are a Meterpreter Trojan disguised as a “SuperGPT” app, and a “ChatGPT” app that sends premium-rate text messages to numbers in Thailand, resulting in charges for the victims that are pocketed by threat actors. Because Android users can download applications from sources other than the official Google Play store, there is potential for users to obtain applications that have not been vetted by Google.
The Rise in New and Evolving Threats like ChatGPT
In April, Zscaler, Inc. (NASDAQ: ZS), a cloud security company, released its 2023 ThreatLabz Phishing Report, which found that the emergence of new AI technology and large language models like ChatGPT has made it easier for cybercriminals to generate malicious code, carry out Business Email Compromise (BEC) attacks, and develop polymorphic malware that makes it harder for victims to identify phishing.
Malicious actors are also increasingly hosting their phishing pages on the InterPlanetary File System (IPFS), a distributed peer-to-peer file system that allows users to store and share files on a decentralized network of computers. A phishing page hosted on IPFS is much more difficult to take down because of its peer-to-peer nature.
While the top targeted brands include Microsoft, Binance, Netflix, Facebook, and Adobe, AI tools like ChatGPT and Phishing Kits have significantly contributed to the growth of phishing, reducing the technical barriers to entry for criminals and saving them time and resources.
OpenAI’s ChatGPT was itself recently affected by a bug in an open-source library, causing some users to be able to view other users’ conversation history and payment details. Yiftach Shoolman, Redis’ co-founder and CTO, noted that a bug report is one way to discover the usage of open-source software.
In this era of rapid technological advancements, it is crucial for users to remain informed, exercise caution, and prioritize cybersecurity measures. Both individuals and organizations must adopt a proactive approach to safeguarding their digital presence and contribute to the ongoing battle against emerging threats. Only by staying ahead of the curve can we hope to navigate the intricate landscape of cybersecurity with confidence and resilience.