
Be warned … fake ChatGPT domains, extensions abound

The growing popularity of ChatGPT has led to the emergence of numerous fake domains, APKs, and browser extensions that claim to be associated with ChatGPT.  It is important for users to stay vigilant and informed, says Nandakishore Harikumar, Founder and CEO, Technisanct, in an article to TradeArabia.
 
In recent years, the popularity of artificial intelligence (AI) and natural language processing (NLP) has led to the development of various chatbot services. One of the most well-known AI chatbots is ChatGPT, a large language model trained by OpenAI. 
 
However, the growing popularity of ChatGPT has also led to the emergence of numerous fake domains, APKs, and browser extensions that claim to be associated with ChatGPT. These fake domains, applications and browser extensions are designed to trick users into downloading and installing malicious software, steal their personal information, or otherwise compromise their devices.
 
Technisanct has curated a report around this entailing the various types of fake ChatGPT domains and browser extensions that they have identified, as well as the methods used by malicious actors to lure users into downloading or installing these malicious tools. The report also provides recommendations for how users can protect themselves from these threats and avoid falling victim to these scams.
 
Fake domain and extensions
The increasing reliance on AI and NLP technologies provides attackers with new opportunities to exploit user trust. Malicious actors often use social engineering tactics to trick users into downloading and installing fake ChatGPT applications, including creating convincing logos and web pages, as well as using persuasive language in their marketing materials.
 
Harikumar says: “It is important to only download applications and browser extensions from trusted sources and to be cautious when clicking on links or downloading files from unknown sources. By staying vigilant and informed about the risks, users can protect themselves and their devices from these threats.”
 
He adds: “Our research team has uncovered a staggering 7,946 domains registered with ChatGPT in their name, of which 5,549 domains begin with the phrase "chatgpt". Many of these domains are used to host malicious software or phishing scams, which can lead to devastating consequences for unsuspecting users.”
 
Suspicious malware campaign
Threat actors (TA) are increasingly using stealer malware to take credentials from victims' devices. A family of malware can steal the cookies, credentials, credit card (CC) information, cryptocurrency wallets, and other sensitive information kept on the victim's device. The malware uses a number of methods to extract information from the victim's computer in order to achieve its goal. Technisanct’s researchers have found that infection begins when a user tries to download fake or malware-packed ChatGPT software from a website that has been optimized for search engines; the user is compromised when they try to download software from one of these websites. The team has flagged some malicious packages, available for Windows on open-source, that resemble the ChatGPT application.
 
The researchers have also observed some suspicious ChatGPT Chrome extensions that ask for dangerous permissions. These third-party extensions may put malware on users' computers, get unauthorized access to their personal information, or contain code that was specifically written to carry out any kind of criminal behaviour.
 
Associated risks
a) Fake ChatGPT domains and browser extensions are often designed to deliver malware to users' devices. This malware can be used to steal sensitive information, spy on users, or take control of their devices.
b) Malicious actors may use fake ChatGPT domains and browser extensions to trick users into divulging sensitive information such as login credentials, personal details, or financial information. This information can be used for identity theft or other forms of fraud.
c) Fake ChatGPT domains and browser extensions may also be used to carry out fraudulent activities, such as stealing money from users' bank accounts or making unauthorized purchases using their credit cards.
d) If a user falls victim to a scam or malicious activity carried out through a fake ChatGPT domain or browser extension, it can damage their reputation and credibility, especially if it involves sensitive information or financial losses.
 
Methods used by malicious actors
a) Malicious actors may send emails or messages that appear to be from ChatGPT, asking users to download a certain application or provide sensitive information.
b) They may create fake promotions or giveaways associated with ChatGPT, requiring users to download an application or provide personal information to participate.
c) They may use SEO tactics to make their fake domains or applications appear at the top of search engine results for relevant keywords, making them more likely to be clicked on.
d) Malicious actors may use social engineering techniques to manipulate users into installing fake applications or providing sensitive information, such as pretending to be a trusted friend or authority figure.
 
Recommendations
a) Always check the URL carefully before accessing any website or installing any extension. Be wary of URLs that look similar to the real one but have small differences, such as misspellings or different top-level domains.
b) Only install browser extensions from trusted sources, such as the official Chrome Web Store or Mozilla Add-ons Marketplace. Do not download extensions from third-party websites or unverified sources.
c) Regularly update your browser and extensions to the latest version, as these updates often include security fixes that can protect you against known vulnerabilities.
d) Install and use reputable anti-malware software that can detect and block malicious websites and extensions.
e) Do not click on suspicious links or download attachments from unknown sources. Always scan files for malware before downloading or opening them.
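
Recommendation (a) can be automated for proxy or DNS log review. The following is an added example, not part of the original article or the Technisanct report: it labels a hostname by how it imitates the name "chatgpt" (misspelling, different top-level domain, brand used as a prefix or subdomain). The allowlist in OFFICIAL, the category names and the sample hostnames are assumptions made for the illustration.

```python
import re
from collections import Counter

BRAND = "chatgpt"
# Assumption: registrable domains treated as official; not taken from the article.
OFFICIAL = {"openai.com", "chatgpt.com"}
# Digit-for-letter swaps folded away before comparing (illustrative, not exhaustive).
FOLD = str.maketrans({"4": "a", "7": "t", "9": "g"})

def edit_distance(a, b):
    """Levenshtein distance, single-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    """Label a hostname by how it relates to the brand name."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return "unrelated"
    # Simplification: the last two labels stand in for the registrable domain.
    # Production code should consult the Public Suffix List (e.g. for co.uk).
    name = labels[-2]
    if ".".join(labels[-2:]) in OFFICIAL:
        return "official"
    if name == BRAND:
        return "tld-swap"            # right name, different top-level domain
    if name.startswith(BRAND):
        return "brand-prefix"
    if BRAND in name:
        return "brand-in-name"
    if any(BRAND in label for label in labels[:-2]):
        return "brand-in-subdomain"  # brand only left of an unrelated domain
    for token in re.split(r"[-_]", name.translate(FOLD)):
        if edit_distance(token, BRAND) <= 2:
            return "misspelling"     # typo or digit swap of the brand
    return "unrelated"

def summarize(hosts):
    """Count hostnames per category, e.g. for a daily log digest."""
    return Counter(classify(h) for h in hosts)

# Constructed sample hostnames under the reserved .example TLD, plus one official host.
SAMPLE = ["chat.openai.com", "chatgpt.example", "chatgpt-download.example",
          "free-chatgpt.example", "chatgpt.login.example", "chatgtp.example",
          "ch4tgpt.example", "weather.example"]

if __name__ == "__main__":
    for h in SAMPLE:
        print(f"{h:28} {classify(h)}")
```

Anything not labelled "official" or "unrelated" is a candidate for manual review rather than proof of malice; the edit-distance threshold of 2 trades some false positives for catching transposed letters.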
 
In conclusion, the emergence of fake ChatGPT domains and browser extensions highlights the need for increased awareness and vigilance among users. To protect themselves, users must verify domain names, install trusted extensions, keep their browser and extensions up to date, use anti-malware software, and be cautious with links and downloads. By adopting these best practices, users can help prevent these threats from compromising their devices and personal information. It is essential to stay informed and updated about new threats and be proactive in implementing measures to protect against them. – TradeArabia News Service