Kaspersky researchers recently identified an ongoing malicious campaign targeting users of ChatGPT, an artificial intelligence chatbot that has been attracting the attention of computer enthusiasts, creatives and other users for several months. The scammers create groups on social networks that convincingly imitate the official OpenAI accounts or at least appear to be real communities of ChatGPT supporters.
These fraudulent groups publish official-looking posts with news about the service and promote a program that pretends to be a desktop client for ChatGPT.
Once the link from the post is clicked, users are taken to a well-crafted website, which looks identical to the official ChatGPT one, and prompted to download an alleged version of ChatGPT for Windows, which is actually an archive with an executable file . The installation process starts, but abruptly stops reporting that the program could not be installed. As a result, users may think that the installation failed and therefore ignore the error message.
In reality, the program installation proceeds without the user’s knowledge and a new Trojan stealer, Trojan-PSW.Win64.Fobo, is downloaded onto the user’s computer. This Trojan is designed to steal account information saved on various browsers, including Chrome, Edge, Firefox and Brave. The cybercriminals behind this Trojan are particularly interested in stealing cookies and login credentials from Facebook, TikTok and Google accounts, especially those related to companies. The Trojan steals login credentials and attempts to obtain additional information, such as the advertising budget spent and the current balance of company accounts.
The attackers are targeting the global market. The fraudulent “desktop client” for ChatGPT attacked users in Africa, Asia, Europe and America.
To protect yourself and explore new technologies safely, Kaspersky recommends:
- Be careful when downloading software from the Internet, especially if it comes from a third-party website. Always try to download software from the official website of the company or service you are using.
- Verify that the site you download the software from is legitimate. It’s important to always look for the lock icon in the address bar and make sure the site’s URL starts with https://.
- Use strong, unique passwords for each account and turn on two-factor authentication whenever possible. This helps protect your accounts from being compromised by cyber criminals.
- Be wary of suspicious links or emails from unknown sources. Scammers often use social engineering techniques to trick users into clicking links or downloading malicious software.
- Use a reputable security solution, making sure to update it frequently. Kaspersky Premium is updated with the latest features and can help detect and remove any malware present on the com