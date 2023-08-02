Palo Alto Networks, a global leader in cybersecurity, has recently discovered a significant increase in Android malware that is posing as the popular AI Chatbot, ChatGPT. This malicious software has emerged shortly after the release of OpenAI’s GPT-3.5 and GPT-4, specifically targeting users interested in utilizing the ChatGPT tool.

The malware includes a Trojan called Meterpreter, which presents itself as both a “SuperGPT” app and a “ChatGPT” app. After successful installation, it proceeds to send premium-rate text messages to phone numbers in Thailand, resulting in financial charges for the unsuspecting victims. It is worth noting that Android users have the ability to download applications from sources other than the official Google Play store, increasing the likelihood of acquiring applications that have not undergone adequate vetting.

Key findings from Palo Alto Networks highlight the impersonation of ChatGPT, where the Android malware disguises itself as ChatGPT, coinciding with the release of OpenAI’s GPT-3.5 and GPT-4. Additionally, the malware incorporates a Trojan called Meterpreter, which grants remote access to compromised Android devices once successfully exploited.

The digital code-signing certificate associated with the malware samples has been attributed to an attacker named “Hax4Us.” This certificate has been utilized in multiple instances of malware. Moreover, a collection of samples, disguised as ChatGPT-themed apps, have been identified to be sending SMS messages to premium-rate numbers in Thailand. These premium-rate numbers generate charges for the victims, facilitating the activities of scammers and fraudsters.

