
Fake Websites and ChatGPT - Recipe for High Risk

Check Point Research has recently noticed a surge in cyberattacks that distribute malware and carry out phishing attempts through websites that appear to be associated with ChatGPT. These campaigns aim to trick users into revealing sensitive information or downloading harmful files.

Diving into details

Since the beginning of 2023, 1 out of 25 new ChatGPT-related domains was either malicious or potentially malicious, and the frequency of these attack attempts has been steadily increasing over the past few months.

After clicking on the malicious links, victims are redirected to websites that may subject them to additional attacks. Some of the malicious websites identified as mimicking ChatGPT are:
  • chat-gpt-pc[.]online
  • chat-gpt-online-pc[.]com
  • chat-gpt-ai-pc[.]info
  • Chat-gpt-for-windows[.]com

Researchers have warned of an infostealer that imitates a Windows desktop client of ChatGPT. This infostealer can copy saved login credentials from the Google Chrome login data folder. Although ChatGPT does not have an authorized desktop client, this fraudulent version appears very authentic.

Some notable related incidents

  • In April, a campaign was discovered that distributed RedLine stealer to targeted systems. The stealer is disguised as free downloads of ChatGPT or Google Bard files and is promoted through fake posts on Facebook.
  • In March, Guardio Labs found a new strain of Facebook Ads account stealer, disguised as an open-source product with malicious code. Named "Chat GPT for Google," the extension can steal Facebook session cookies. The FakeGPT extension was downloaded by over 9,000 users before being removed from the Google Play Store.

The bottom line

Phishing schemes often use fake or lookalike domains, which can easily deceive individuals at first glance. These domains are created to mimic legitimate or trusted domains, for example by substituting letters with similar-looking ones. Users should therefore not click on links or open emails from sources they do not know.
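A defender-side check for the lookalike pattern described above, added here as an example and not taken from Check Point's or Cyware's tooling. The allowlist, the digit-for-letter table and the two-label registered-domain shortcut are assumptions, and the sample hostnames ending in .example are constructed.

```python
import re

# Assumption: illustrative allowlist; set it to the domains you treat as official.
ALLOWED = {"openai.com", "chatgpt.com"}
BRAND = "chatgpt"
# Digit-for-letter swaps commonly used in look-alike names.
CONFUSABLES = str.maketrans("01345", "oleas")

def refang(host):
    """Undo [.] defanging and normalise case and trailing dot."""
    return host.strip().lower().replace("[.]", ".").rstrip(".")

def registered_domain(host):
    # Simplification: last two labels. Use the Public Suffix List in production.
    return ".".join(host.split(".")[-2:])

def skeleton(host):
    """Hostname without TLD, confusables mapped, separators and digits dropped."""
    name = host.rsplit(".", 1)[0]
    return re.sub(r"[^a-z]", "", name.translate(CONFUSABLES))

def within_one_edit(a, b):
    """True if a and b differ by at most one substitution, insertion or deletion."""
    if len(a) > len(b):
        a, b = b, a
    if len(b) - len(a) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] != b[j]:
            edits += 1
            if len(a) < len(b):
                j += 1      # treat as an extra character in the longer string
                continue
        i += 1
        j += 1
    return edits + (len(b) - j) <= 1

def classify(host):
    host = refang(host)
    if registered_domain(host) in ALLOWED:
        return "allowed"
    skel = skeleton(host)
    if BRAND in skel:
        return "brand-keyword"
    for size in (len(BRAND) - 1, len(BRAND), len(BRAND) + 1):
        for k in range(len(skel) - size + 1):
            if within_one_edit(skel[k:k + size], BRAND):
                return "near-match"
    return "unrelated"
```

Run `classify` over hostnames from DNS or proxy logs and review anything labelled `brand-keyword` or `near-match`; a hit is a lead for review, not proof that the domain is malicious.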
Cyware Publisher
