
ChatGPT Phishing Attacks Distribute Windows and Android Malware

The ChatGPT chatbot, which instantly created a flurry of interest in AI and its possible uses, has become a go-to lure for cybercriminals to distribute malware and carry out other AI-assisted cyberattacks. Threat actors are using several phishing websites, social media pages, and fake apps impersonating ChatGPT to spread various types of malware and steal credit card information.

Typosquatting and phishing attempts

Cyble researchers have found attackers leveraging typosquatting domains for phishing attacks. 
  • The websites mimicked the official ChatGPT website and carried a TRY CHATGPT button whose links led to various types of malicious files.
  • These files contained executables for several notorious malware families, including Lumma Stealer, Aurora Stealer, and clipper malware.
  • Attackers created some other fake ChatGPT-related payment pages to steal victims’ money and credit card information. These pages supposedly offer visitors a payment portal to purchase ChatGPT Plus.
  • Additionally, experts identified over 50 fake and malicious apps pretending to be ChatGPT. These apps targeted unsuspecting individuals with different malware families, such as adware, spyware, billing fraud, and a Spynote malware variant.

In a different case, one typosquatting domain was spotted infecting visitors with the Redline info-stealer malware under the guise of a download for a ChatGPT Windows desktop client.
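As a defensive illustration of the typosquatting pattern described above, the following added example (not code from the Cyble research or this article) classifies a link as official, lookalike, or unrelated before it is trusted. The allowlist of official domains, the brand tokens, the one-edit threshold, and the sample hosts are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Assumptions for this example: the allowlist of official domains and the
# brand strings to watch for. Adjust both to the brand being protected.
OFFICIAL = {"openai.com", "chatgpt.com"}
BRAND_TOKENS = ("chatgpt", "openai")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(url):
    """Return 'official', 'lookalike' or 'unrelated' for a URL or bare host."""
    target = url if "//" in url else "//" + url
    host = (urlsplit(target).hostname or "").lower().rstrip(".")
    if host in OFFICIAL or any(host.endswith("." + d) for d in OFFICIAL):
        return "official"
    for label in host.split("."):
        squashed = label.replace("-", "")  # chat-gpt -> chatgpt
        for token in BRAND_TOKENS:
            # Brand embedded in an unofficial host, or one typo away from it.
            if token in squashed or osa_distance(squashed, token) <= 1:
                return "lookalike"
    return "unrelated"

# Constructed sample links (reserved .example TLD), not taken from the report.
SAMPLES = [
    "https://chat.openai.com/",
    "https://chatgtp.example/download",
    "chat-gpt-pc.example",
    "http://openai.com.login.example/pay",
    "https://docs.python.org/",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):10} {s}")
```

A "lookalike" result is a prompt to verify the link through the vendor's official channels, not proof that the host is malicious.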

Social media ad scams

Attackers created an unofficial ChatGPT social media page that features multiple posts about ChatGPT and other OpenAI tools.
  • They added content such as videos and other unrelated posts to build credibility, along with posts featuring typosquatting domains that masquerade as the official ChatGPT website.
  • The page's posts mislead victims into thinking they are accessing ChatGPT’s official website and into clicking a download button that delivers harmful executables.
  • Once the malware is executed, it can collect sensitive data such as call logs, contacts, SMSes, and media files from an infected device without the victim’s knowledge.

Additional findings

Experts found several other instances of the exploitation of ChatGPT’s popularity. Some fake ChatGPT apps, such as chatGPT1 and AI Photo, were being promoted on Google Play and third-party Android app stores to push malicious software onto victims’ devices.


With the increasing popularity of ChatGPT, more threat actors are expected to imitate it to carry out malicious attacks. A notable way to avoid such risks is to trust only reliable sources. If any news or information is received on social media or via email, it is suggested to cross-validate it with the company website or official channels. Further, it is best to avoid opening links or email attachments without first verifying their authenticity.
Cyware Publisher