Kaspersky recently reported on a new type of malware that targets users of the popular AI-powered chatbot, ChatGPT. The malware is designed to steal the account credentials stored in popular browsers such as Chrome, Edge, and Firefox.
The attackers used the trusted reputation of ChatGPT to their advantage. ChatGPT is a well-known and widely used AI chatbot, and users generally trust the service. This trust made it easier for the attackers to convince users to download a credential-stealing trojan that purports to be a ChatGPT app.
According to the report, the attackers created fake online ChatGPT communities that appeared to be either linked to official OpenAI accounts or a reputable ChatGPT enthusiast community. These communities were intended to establish credibility as a reliable source for ChatGPT-related content. The attackers also took advantage of the common experience of the service being frequently unavailable during high traffic times.
The attackers would use these forums to distribute links to malicious files that purported to be official ChatGPT clients that would help users get around these limitations. In some cases, the attackers even claimed to have credits on the associated fake accounts for purchasing premium ChatGPT services. In reality, ChatGPT is only officially distributed as a web application that does not require users to download anything, so these types of apps are fraudulent.
Once the user downloaded and installed the “ChatGPT app,” the user would receive an error message indicating that the installation was not successful or would see no activity at all. While most would attribute this to a technical error, the attack had already occurred, and the users’ browser-stored credentials had already been pilfered.
The ChatGPT Stealer is yet another example of how current methods for preventing abuse-of-trust attacks – such as imploring users to remain vigilant and to ensure that their devices have the latest security updates – simply are not enough. Solutions that take the burden off users’ shoulders, like ConcealBrowse, are the only way to stop all types of attacks delivered via the browser. ConcealBrowse scans the URLs a user opens, regardless of the source, and will block or isolate malicious or risky websites. Even if a user trusts a link, ConcealBrowse doesn’t.
The ChatGPT trojan attack is a reminder that identities of trusted services can be co-opted by determined attackers. By using a combination of social engineering tactics and sophisticated malware techniques, the attackers were able to steal personal information from unsuspecting users. ConcealBrowse keeps users safe, even when they are fooled into trusting attackers. Try ConcealBrowse for free to start protecting your users today.
Written by: Conceal Research Team