What is ChatGPT malware?
"ChatGPT malware" refers to malicious content distributed under the guise of ChatGPT (Chat Generative Pre-trained Transformer) – a chatbot developed by OpenAI. Since its inception in the autumn of 2022, ChatGPT has reached extreme popularity. At the time of writing, its user base has grown over 100 million. It is particularly prevalent that any enormously popular product/service is swiftly taken advantage of by cyber criminals and scammers alike.
Although ChatGPT is only available online (chat.openai.com), numerous fake desktop clients and mobile apps imitating this chatbot have been discovered. A variety of harmful and malicious software has been proliferated using "ChatGPT" as a disguise.
Additionally, OpenAI has released ChatGPT Plus – a paid premium service. This has opened the avenue for cyber criminals to offer "cracked" versions and create fake payment websites that target victims' financial information.
It must be emphasized that this fraudulent and dangerous content is in no way associated with either the actual ChatGPT or OpenAI.
ChatGPT malware overview
At the time of writing, ChatGPT is exclusively an online tool – hence, there are no desktop or mobile applications available. However, over 50 "ChatGPT" apps have been discovered in the wild. Promoted on fraudulent ChatGPT/OpenAI Facebook pages, malicious websites, Google Play, and third-party Android stores – the applications include a variety of dubious and virulent content (e.g., adware, PUAs, trojans, etc.).
Fake ChatGPTs have been observed proliferating the following stealer-type malware for the Windows OS – Aurora, Lumma, and RedLine. There have also been instances where this fraudulent content distributed clipper-type malware (programs capable of replacing clipboard content). The bogus Android applications spread Toll Fraud malware and the SpyMax spyware.
To summarize, the presence of an illegitimate ChatGPT app on a device could result in encounters with questionable/malicious ads or redirects, browsing activity tracking, data loss, severe privacy issues, significant financial losses, and identity theft.
Furthermore, since the creation of ChatGPT Plus – a premium service based on a monthly subscription, cyber criminals have started promoting fake payment sites for this service. The sites (regardless of whether used to proliferate malware or collect sensitive data) can perfectly mimic the graphics used by ChatGPT's official website (chat.openai.com) and use typosquatting techniques to get the URLs as close to the original as possible.
The discovered phishing sites target users' credit card information (e.g., names, card numbers, expiration dates, CVVs, etc.), which can then be used by the scammers to make unauthorized online purchases or perform other credit card related fraud.
Due to the prevalence of fake ChatGPT content, we strongly recommend caution. Therefore, pay attention to URLs and enter them with care; do not trust offers that sound too good to be true, and do not download/install software promoted by suspicious sources.
|Threat Type||Trojan, password-stealing virus, banking malware, spyware.|
|Related Domain VirusTotal Detections
||openai-pc-pro[.]online, chat-gpt-pc[.]online, chatgpt-go[.]online, chatgptftw[.]com|
|Payload||Aurora, Lumma, RedLine, SpyMax|
|Symptoms||Trojans are designed to stealthily infiltrate the victim's computer and remain silent, and thus no particular symptoms are clearly visible on an infected machine.|
|Distribution methods||Infected email attachments, malicious online advertisements, social engineering, software 'cracks'.|
|Damage||Stolen passwords and banking information, identity theft, the victim's computer added to a botnet.|
|Malware Removal (Windows)||
To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
Examples of legitimate content use for scam/malware promotion
Cyber criminals often employ the names, icons, and other content associated with legitimate products and services for nefarious purposes.
Some examples of this include: Zoom – videoconferencing software, Coinbase – cryptocurrency wallet, AVG AntiVirus – security software, Google Translate – online text translation service, PayPal – online money transferring service (fake account checker), and so forth.
Abusing genuine content in this manner is lucrative, as popular products/services are desirable and recognizable. Additionally, surface-level research on the potential victims' part would only lead them to sources confirming the legitimacy of the content.
How did I encounter fake ChatGPT content?
Malicious/Phishing sites have been observed being promoted by illegitimate Facebook pages masquerading as ChatGPT's official account. These pages may appear legitimate due to the amount of content and posts available on them. Furthermore, the malignant websites they endorse can closely mimic ChatGPT's official site's design and URL.
In addition to such websites, fake ChatGPT Android applications were discovered on the Google Play Store and various third-party app stores. While Google Play is a legitimate app distribution platform, it is not invulnerable to cyber abuse. The review teams can be swift in removing untrustworthy/malicious content, but this does not deter cyber criminals – since hosting their programs on genuine platforms, even for a short while, can be worth it.
It must be mentioned that fake ChatGPT sites and software can be endorsed using other methods as well. Deceptive/malicious webpages can also be accessed via spam mail, sites that use rogue advertising networks, mistyped URLs, spam browser notifications, intrusive ads, and through redirects caused by adware.
Unwanted software and malware are commonly spread via drive-by downloads, online scams, malicious attachments/links in spam mail (e.g., emails, DMs/PMs, SMSes, etc.), malvertising, dubious download channels (e.g., freeware and free file-hosting websites, Peer-to-Peer sharing networks, etc.), pirated programs and illegal activation ("cracking") tools, fake updaters, and bundled installers.
How to avoid installation of malware?
We highly recommend being careful when browsing since fraudulent and malicious online content usually appears legitimate and harmless. Pay attention to URLs and enter them with care; do not click untrusted links. Ignore or deny notification delivery requests from questionable websites, i.e., do not click "Allow", "Allow Notifications", or any similar options.
Another recommendation is to always research software by reading terms and expert/user reviews, checking necessary permissions and other conditions, verifying developer legitimacy, etc. Additionally, all downloads must be performed from official and trustworthy sources.
We advise activating and updating programs using only genuine functions/tools, as those acquired from third-parties can contain malware.
Approach incoming emails, DMs/PMs, SMSes, and other messages with caution. The attachments or links found in suspect/irrelevant mail must not be opened, as they can be infectious.
We must emphasize the importance of having a reputable anti-virus installed and kept up-to-date. Security software must be used to run regular system scans and to remove detected threats. If you believe that your computer is already infected, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate infiltrated malware.
Fake ChatGPT Facebook page promoting deceptive/malicious websites (image source – Cyble):
Fake ChatGPT payment website used for phishing purposes:
Update June 29, 2023 – Since 2022, within the span of a year, more than one hundred thousand ChatGPT accounts have been hijacked via data-stealing malware. This activity has been noted across the globe; however, the Asia Pacific region has been the most targeted – with over forty thousand user accounts stolen.
The potential misuse of the compromised ChatGPT accounts can be varied, but cyber criminals are most likely targeting business-related information since the service has become popular in various industries and spheres. While disabling ChatGPT's ability to save conversations can minimize the potential risks, that does not offer protection against malware capable of keylogging or taking screenshots.
Instant automatic malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
- What is ChatGPT malware?
- STEP 1. Manual removal of malware.
- STEP 2. Check if your computer is clean.
How to remove malware manually?
Manual malware removal is a complicated task - usually it is best to allow antivirus or anti-malware programs to do this automatically. To remove this malware we recommend using Combo Cleaner Antivirus for Windows.
If you wish to remove malware manually, the first step is to identify the name of the malware that you are trying to remove. Here is an example of a suspicious program running on a user's computer:
If you checked the list of programs running on your computer, for example, using task manager, and identified a program that looks suspicious, you should continue with these steps:
Download a program called Autoruns. This program shows auto-start applications, Registry, and file system locations:
Restart your computer into Safe Mode:
Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer start process, press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, and then select Safe Mode with Networking from the list.
Video showing how to start Windows 7 in "Safe Mode with Networking":
Windows 8 users: Start Windows 8 is Safe Mode with Networking - Go to Windows 8 Start Screen, type Advanced, in the search results select Settings. Click Advanced startup options, in the opened "General PC Settings" window, select Advanced startup.
Click the "Restart now" button. Your computer will now restart into the "Advanced Startup options menu". Click the "Troubleshoot" button, and then click the "Advanced options" button. In the advanced option screen, click "Startup settings".
Click the "Restart" button. Your PC will restart into the Startup Settings screen. Press F5 to boot in Safe Mode with Networking.
Video showing how to start Windows 8 in "Safe Mode with Networking":
Windows 10 users: Click the Windows logo and select the Power icon. In the opened menu click "Restart" while holding "Shift" button on your keyboard. In the "choose an option" window click on the "Troubleshoot", next select "Advanced options".
In the advanced options menu select "Startup Settings" and click on the "Restart" button. In the following window you should click the "F5" button on your keyboard. This will restart your operating system in safe mode with networking.
Video showing how to start Windows 10 in "Safe Mode with Networking":
Extract the downloaded archive and run the Autoruns.exe file.
In the Autoruns application, click "Options" at the top and uncheck "Hide Empty Locations" and "Hide Windows Entries" options. After this procedure, click the "Refresh" icon.
Check the list provided by the Autoruns application and locate the malware file that you want to eliminate.
You should write down its full path and name. Note that some malware hides process names under legitimate Windows process names. At this stage, it is very important to avoid removing system files. After you locate the suspicious program you wish to remove, right click your mouse over its name and choose "Delete".
After removing the malware through the Autoruns application (this ensures that the malware will not run automatically on the next system startup), you should search for the malware name on your computer. Be sure to enable hidden files and folders before proceeding. If you find the filename of the malware, be sure to remove it.
Reboot your computer in normal mode. Following these steps should remove any malware from your computer. Note that manual threat removal requires advanced computer skills. If you do not have these skills, leave malware removal to antivirus and anti-malware programs.
These steps might not work with advanced malware infections. As always it is best to prevent infection than try to remove malware later. To keep your computer safe, install the latest operating system updates and use antivirus software. To be sure your computer is free of malware infections, we recommend scanning it with Combo Cleaner Antivirus for Windows.
Frequently Asked Questions (FAQ)
What is "ChatGPT malware"?
"ChatGPT malware" refers to fake websites and software disguised as content related to the ChatGPT chatbot. This includes (but is not limited to) fake: social media accounts, payment webpages for premium ChatGPT services, desktop programs, Android apps, etc.
What is the purpose of fake ChatGPT content?
The unauthorized use of names, logos, and other content associated with ChatGPT – is employed to lure users into falling victim to scams. Cyber criminals usually aim to generate revenue at victims' expense. In the case of fake ChatGPT content, criminals may profit by tricking users into paying for bogus services, disclosing their financial information (e.g., credit card details, etc.), downloading/installing malware, and so on.
I have provided my personal information when tricked by a fake ChatGPT website, what should I do?
If you have provided personally identifiable or finance related information (e.g., ID card details, credit card numbers, etc.) – immediately contact the appropriate authorities. And if you believe that your online accounts are at risk – change the passwords of all possibly exposed accounts and inform their official support without delay.
What are the biggest issues that ChatGPT malware can cause?
The threats posed by an infection depend on the malware's abilities and the cyber criminals' goals. Fake ChatGPT content has been observed being used to proliferate the following Windows malware – Aurora, Lumma, RedLine, and clipper-type programs. The distributed Android malware includes Toll Fraud malware and SpyMax. However, this deceptive content may be used to spread other types of malicious software as well.
As previously mentioned, the dangers associated with an infection can vary. Generally, the presence of malware on a device may result in decreased system performance or failure, multiple system infections, data loss, serious privacy issues, hardware damage, financial losses, and identity theft.
How did I encounter fake ChatGPT content?
Fake ChatGPT websites have been noted being endorsed by likewise illegitimate ChatGPT Facebook accounts. Additionally, bogus ChatGPT mobile apps were detected on the Google Play Store and various third-party Android app stores. However, other promotional methods may also be in use.
While malware and other harmful software are primarily distributed through drive-by downloads, online scams, spam emails/messages, untrustworthy download sources (e.g., freeware and third-party sites, P2P sharing networks, etc.), illegal software activation tools ("cracks"), fake updates, and malvertising.
Will Combo Cleaner protect me from scams and remove malware from my computer?
Yes, Combo Cleaner is designed to protect computers from all manner of threats. It can detect and restrict further access to rogue, deceptive/scam, and malicious websites. It is also capable of removing unwanted and malicious software. Combo Cleaner can detect and eliminate nearly all known malware infections. Keep in mind that since sophisticated malware usually hides deep within computers – performing a full system scan is essential.