Android Malware Disguised As ChatGPT Apps Targeting Smartphone Users : Palo Alto Networks Unit 42 Research

Palo Alto Networks, the global cybersecurity leader, has recently found a surge in Android malware that is pretending to be the popular AI Chatbot ChatGPT. The malware emerged following the release of OpenAI’s GPT-3.5 and GPT-4, targeting users interested in using the ChatGPT tool.

A Meterpreter Trojan disguised as a “SuperGPT” app and a “ChatGPT” app are found to send premium-rate text messages, resulting in charges for the victims that are pocketed by threat actors. Considering that Android users can download applications from various sources other than the official Google Play store, there is potential for users to obtain applications that have not been vetted by Google.

Key findings include:

  • Impersonation of ChatGPT: A new android malware has emerged, disguising itself as ChatGPT. This surge coincided with the release of OpenAI’s GPT-3.5 and GPT-4, targeting users interested in ChatGPT.
  • Meterpreter Trojan: The malware includes a Meterpreter Trojan disguised as a “SuperGPT” app. It enables remote access to infected Android devices upon successful exploitation.
  • Certificate Attribution: The digital code-signing certificate used in the malware samples is associated with an attacker identified as “Hax4Us.” The certificate has been used across multiple malware samples.
  • SMS to Premium-Rate Numbers: A cluster of malware samples, masquerading as ChatGPT-themed apps, sends SMS messages to premium-rate numbers in Thailand. These numbers incur charges for the victims, facilitating scams and fraudulent activities.

Leave a Reply