Usually downloaded outside of official Android app stores, these malware apps can saddle victims with premium-SMS charges and data leaks.

Following the release of OpenAI’s ChatGPT v3.5 and v4.x, cybercriminals have been riding the wave of its popularity by targeting Android smartphone users eager to improve their access to the chatbot.

According to Palo Alto Networks analysts, there has been a surge in malicious mobile apps masquerading as ChatGPT or some improved variant of it.

The firm has classified two clusters of active malware of this nature: a “Meterpreter” trojan disguised as a “SuperGPT” app, and another type of app that is disguised as ChatGPT but actually sends premium-rate text messages to numbers in Thailand, resulting in charges for the victims that end up in scammers’ coffers.

Because Android users can download applications from sources other than the official Google Play store, they can end up with applications that have not been vetted by Google. This opens up opportunities for scammers to bait users into downloading malicious software that:

    • impersonates ChatGPT: This surge coincided with the release of OpenAI’s GPT-3.5 and GPT-4, targeting users interested in ChatGPT.
    • claims to be a “SuperGPT” app: In actual fact, the app is a trojan that enables remote access to infected Android devices upon successful exploitation.
    • contains digital code-signing certificates associated with an attacker identified as “Hax4Us”: The certificate, linked to entities located in Delhi, India, has been used across multiple malware samples investigated by Palo Alto Networks cyber researchers.
    • masquerades as a ChatGPT-themed app: In actual fact, the malware sends chargeable SMS messages to premium-rate numbers in Thailand. These numbers incur charges for the victims, facilitating scams and fraudulent activities.

Overall, the threat of mobile malware linked to trending topics and products highlights the critical importance of guarding our mobile devices against the casual downloading of apps of dubious origin.

By remaining vigilant and taking proactive steps to safeguard our devices, we can help prevent the spread of dangerous malware.