ChatGPT, the artificial intelligence (AI) chatbot made by OpenAI, is on the rise and is used by many people around the world. Bad actors are now exploiting ChatGPT's popularity to spread malicious software (malware) that can steal login data from Google Chrome.
The malware masquerades as a desktop ChatGPT application. Users should be vigilant about this fake desktop ChatGPT application, which contains data-stealing malware.
The reason is that, until now, ChatGPT has been officially available only through the website at the URL www.chat.openai.com. ChatGPT is not available as a desktop or mobile application.
Be Careful: A Fake ChatGPT Desktop Application Contains Data-Stealing Malware
The existence of a fake ChatGPT desktop application containing data-stealing malware was first discovered by a research team from the cybersecurity platform, Trend Micro.
Through a thread on Twitter, Trend Micro Research revealed that there is a zip archive containing a file named "ChatGPT For Windows Setup 1.0.0.exe".
The file contains infostealer malware. When the file was installed, Trend Micro Research found ChatGPTSupport.exe and the infostealer payload running in the background.
This malware can extract and decrypt accounts, cookies and history from Chromium-based web browsers, one of which is Google Chrome.
🚨 Threat actors deliver infostealer disguised as #ChatGPT. 🚨 @TrendMicro Managed XDR found an #infostealer disguised as a fake #ChatGPT desktop client for Windows copying the Google Chrome login data folder where data related to saved passwords are stored. [1/9] pic.twitter.com/BTywUOLDsU
— Trend Micro Research (@TrendMicroRSRCH) April 28, 2023
The #infostealer is installed via a zip archive containing the file ChatGPT For Windows Setup 1.0.0.exe.
Once installed, the fake client emulates what a ChatGPT desktop client would look and feel like.
No official ChatGPT desktop client has yet been released by OpenAI. [2/9] pic.twitter.com/vYJso8qJzG
— Trend Micro Research (@TrendMicroRSRCH) April 28, 2023
When the fake desktop ChatGPT application is opened, the user is presented with the OpenAI logo and a message reading "Welcome to ChatGPT. Log in with your OpenAI account to continue". Below it are "Log in" and "Sign up" icons.
According to Trend Micro Research, the fake desktop ChatGPT client application connects to various domains such as api.telegram.org, facebook.com, graph.facebook.com (to get data in and out of the Facebook platform), and hapi.aiforopen.com.
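The behaviour described above can be turned into a hunt: flag any non-browser process that reads Chrome's saved-credential files and also resolves one of the domains listed. The following Python is an added example, not code from Trend Micro or the original article; the event schema, sample events, user name and process paths are constructed, and only the domains, the ChatGPTSupport.exe file name and Chrome's default profile location are real.

```python
from collections import defaultdict

# Domains the article lists. Three are legitimate services, so a DNS hit
# alone is weak evidence; it only matters combined with credential-file access.
REPORTED_DOMAINS = {"api.telegram.org", "facebook.com",
                    "graph.facebook.com", "hapi.aiforopen.com"}
BROWSER_IMAGES = {"chrome.exe"}  # assumption: processes allowed to read the profile
PROFILE_MARKER = "\\google\\chrome\\user data\\"  # default Chrome profile on Windows
SENSITIVE_FILES = {"login data", "cookies", "history"}

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
FAKE = r"C:\Users\ana\AppData\Local\Temp\ChatGPTSupport.exe"   # constructed path
LOGIN_DB = r"C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Login Data"

# Constructed sample events in a simplified schema (not a real product's format).
EVENTS = [
    {"type": "file", "pid": 4120, "image": CHROME, "target": LOGIN_DB},
    {"type": "dns", "pid": 4120, "image": CHROME, "query": "facebook.com"},
    {"type": "file", "pid": 7788, "image": FAKE, "target": LOGIN_DB},
    {"type": "dns", "pid": 7788, "image": FAKE, "query": "api.telegram.org"},
    {"type": "dns", "pid": 7788, "image": FAKE, "query": "hapi.aiforopen.com."},
    {"type": "dns", "pid": 9001, "image": r"C:\Apps\Telegram.exe",
     "query": "api.telegram.org"},
]

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def touches_browser_secrets(event):
    """True when a non-browser image opens a credential file in a Chrome profile."""
    target = event["target"].lower()
    return (PROFILE_MARKER in target
            and basename(target) in SENSITIVE_FILES
            and basename(event["image"]) not in BROWSER_IMAGES)

def find_suspects(events):
    """Return processes that both read Chrome secrets and resolved a listed domain."""
    accessed, contacted = defaultdict(set), defaultdict(set)
    for ev in events:
        key = (ev["pid"], basename(ev["image"]))
        if ev["type"] == "file" and touches_browser_secrets(ev):
            accessed[key].add(basename(ev["target"]))
        elif ev["type"] == "dns":
            name = ev["query"].lower().rstrip(".")  # normalise trailing root dot
            if name in REPORTED_DOMAINS:
                contacted[key].add(name)
    return {k: {"files": sorted(accessed[k]), "domains": sorted(contacted[k])}
            for k in accessed if k in contacted}

if __name__ == "__main__":
    for (pid, image), hit in find_suspects(EVENTS).items():
        print(pid, image, hit["files"], hit["domains"])
```

Chrome reading its own profile and a genuine Telegram client resolving api.telegram.org are both ignored; only the process that does both things is reported.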