Kaspersky researchers have discovered a new and continuing malware campaign that takes advantage of the increasing popularity of the ChatGPT AI chatbot.
Cybercriminals are distributing the malware through Facebook forums, posing as a desktop version of ChatGPT. Instead of the bot, users are infected with the Fobo Trojan, which steals sensitive information such as Facebook, TikTok, and Google account credentials, as well as personal and business financial data.
Kaspersky researchers recently discovered an ongoing malicious activity targeting users of ChatGPT, an AI chat-bot that has captured the attention of IT enthusiasts, creatives, and other persons for several months.
Fraudsters construct social media groups that convincingly resemble official OpenAI accounts or appear to be communities of ChatGPT aficionados.
These phony groups host supposedly official posts about the service and push an application masquerading as a ChatGPT desktop client.
Users are brought to a well-crafted website that looks almost identical to the official ChatGPT website when they click on the link in the post.
The site directs users to download a phony ChatGPT version for Windows, which is actually an archive containing an executable file.
The installation begins but abruptly terminates with an error message claiming that the program could not be installed. People may conclude that the program was simply unable to install and dismiss it.
In reality, the program is installed without the user’s awareness, and a new stealer Trojan, Trojan-PSW.Win64.Fobo, is placed on the user’s PC.
This Trojan is meant to steal information about stored accounts from browsers such as Chrome, Edge, Firefox, and Brave, among others. The attackers behind the Trojan are particularly interested in obtaining cookies and login credentials from Facebook, TikTok, and Google accounts, particularly those associated with companies.
The Trojan steals login credentials and attempts to gather more information, such as the amount of money spent on advertising and the current balance of business accounts.
The attackers are targeting the global market. The fraudulent “desktop client” for ChatGPT has attacked users in Africa, Asia, Europe, and America.
“This campaign targeting ChatGPT is a prime example of how attackers are leveraging social engineering techniques to exploit the trust that users place on popular brands and services. It is important for users to understand that, just because a service appears to be legitimate, it doesn’t mean that it is. By staying informed and remaining cautious, users can protect themselves from these types of attacks,” comments Darya Ivanova, security expert at Kaspersky.
To stay protected and explore new technologies in a safe way, Kaspersky experts also recommend:
- Be cautious when downloading software from the Internet, especially if it’s from a third-party website. Always try to download software from the official website of the company or service that you are using.
- Verify that the website you are downloading software from is legitimate. Look for the padlock icon in the address bar and make sure that the website’s URL starts with https:// to ensure that the website is secure.
- Use strong, unique passwords for each of your accounts and enable two-factor authentication whenever possible. This can help protect your accounts from being compromised by attackers.
- Be wary of suspicious links or emails from unknown sources. Scammers often use social engineering techniques to trick users into clicking on links or downloading malicious software.
