Kaspersky researchers have identified a new and ongoing malware campaign that capitalizes on the increasing popularity of the ChatGPT AI chatbot. Cybercriminals are distributing the malware via Facebook communities, offering a fake desktop version of ChatGPT. Instead of the bot, users receive a Trojan dubbed Fobo, that steals sensitive information, such as Facebook, TikTok, and Google account credentials, as well as personal and corporate financial data.
Kaspersky researchers recently identified an ongoing malicious campaign that targets users of ChatGPT, an AI chat-bot which has garnered attention from IT enthusiasts, creatives, and other individuals for several months. Scammers create groups on social networks that convincingly mimic official OpenAI accounts or at least appear to be communities of ChatGPT enthusiasts.
These fraudulent groups host seemingly official posts with the news about the service and promote a program posing as a desktop client for ChatGPT.
Once the users click on the link from the post, they are directed to a well-crafted website that looks almost identical to the official ChatGPT website. The site prompts the user to download a purported ChatGPT version for Windows which is in fact an archive with an executable file. The installation process begins but stops abruptly with an error message stating that the program could not be installed. Users may think the program simply was not able to install and forget about it.
In fact, the installation of the program proceeds without users’ knowledge and a new stealer Trojan, Trojan-PSW.Win64.Fobo, is installed on the user’s computer. This Trojan is designed to steal information about saved accounts from various browsers, including Chrome, Edge, Firefox and Brave, among others. The attackers behind the Trojan are particularly interested in stealing cookies and login credentials from Facebook, TikTok, and Google accounts, especially those related to businesses. The Trojan steals login credentials and attempts to obtain additional information, like the amount of money spent on advertising and the current balance of business accounts.
The attackers are targeting the global market. The fraudulent “desktop client” for ChatGPT has attacked users in Africa, Asia, Europe, and America.
“This campaign targeting ChatGPT is a prime example of how attackers are leveraging social engineering techniques to exploit the trust that users place on popular brands and services. It is important for users to understand that, just because a service appears to be legitimate, it doesn’t mean that it is. By staying informed and remaining cautious, users can protect themselves from these types of attacks,” comments Darya Ivanova, security expert at Kaspersky.