ChatGPT Popularity Spurs Poisoning and Phishing Attacks

March 2, 2023 | NSFOCUS

ChatGPT, the popular chat-based artificial intelligence platform, is becoming a target for malicious actors. Poisoning and phishing attacks are on the rise as more people use the platform for personal and business purposes.

Poisoning Attack Targeting Open-Sourced ChatGPT Project

A threat actor forked a very popular open-source ChatGPT desktop application project and implanted a data-stealing Trojan named “Install ChatGPT.exe”, attempting to spread it by taking advantage of ChatGPT's high popularity.

The author of this popular open-source project has issued an urgent notice, as shown in the figure below.

IOC

C2:

82.115.223.66

209.197.3.8

File:

Spreading Malware with Unofficial ChatGPT Social Media Page and Phishing Website

A threat actor created an unofficial ChatGPT page on the social media platform Facebook to lure victims to their phishing website.

This account has a large number of followers and visitors. It makes the page look credible by publishing multiple posts about ChatGPT and other OpenAI tools. However, the ultimate goal of all these posts is to get users to click the links they contain, which take victims to different phishing pages and induce them to download and run malicious files.

The social media page has 5.9K likes and 6.3K followers as of this writing.

The latest post, shown below, includes a link to a phishing domain hosting a fake website that mimics the official ChatGPT website. Victims are induced to download malware disguised as a ChatGPT application for computers.

The phishing website is shown below:

When a victim clicks the button DOWNLOAD FOR WINDOW, a compressed file named “ChatGPT-OpenAI-.Full-Destop-  63f6f5c3ae530d5930f758b2.rar” will be downloaded from the URL “hxxps://rebrand.ly/2jehspschatgpt” automatically.

Although the website has been blocked, we strongly recommend that you be on alert for such phishing attacks when surfing the Internet.

IOC

C2:

openai-pc-pro[.]online

chat-gpt-pc[.]online

pay[.]chatgptftw[.]com

rebrand[.]ly

chatgpt-go[.]online

chat-gpt-online-pc[.]com

File:

Conclusion

Almost everyone is connected in the digital world today, so we should keep improving our security awareness in daily Internet use. When using popular applications like ChatGPT, regularly update the system to ensure it is running the latest security patches, avoid clicking on links or attachments in emails from unknown senders, check each URL carefully to make sure it comes from official channels, and be cautious when providing personal information online.
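To make the "check the URL carefully" advice concrete, the following added example (not part of the original NSFOCUS post) matches URLs from a proxy or DNS log against the indicators listed above and also flags hosts that embed ChatGPT or OpenAI brand names without belonging to an official domain. The `OFFICIAL` allowlist, the function names, and the sample log URLs are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains treated as official here; replace with your own allowlist.
OFFICIAL = {"openai.com", "chatgpt.com"}
BRAND_TOKENS = ("chatgpt", "openai")
# Indicators listed on this page (defanged). rebrand[.]ly is a shared link shortener,
# so only the full download URL is matched, not the whole domain.
PAGE_HOSTS = ["openai-pc-pro[.]online", "chat-gpt-pc[.]online", "pay[.]chatgptftw[.]com",
              "chatgpt-go[.]online", "chat-gpt-online-pc[.]com", "82.115.223.66", "209.197.3.8"]
PAGE_URLS = ["hxxps://rebrand.ly/2jehspschatgpt"]

def split_url(value):
    """Refang (hxxp, [.]) and return (lower-cased host, path) for a URL or bare host."""
    value = re.sub(r"^hxxp", "http", value.strip(), flags=re.I).replace("[.]", ".")
    if "://" not in value:
        value = "//" + value
    url = urlsplit(value)
    return (url.hostname or "").rstrip(".").lower(), url.path

IOC_HOSTS = {split_url(h)[0] for h in PAGE_HOSTS}
IOC_URLS = {split_url(u) for u in PAGE_URLS}

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def classify(value):
    """Return 'ioc', 'lookalike' or 'ok' for a URL or hostname."""
    host, path = split_url(value)
    if (host, path) in IOC_URLS or any(under(host, h) for h in IOC_HOSTS):
        return "ioc"
    squashed = re.sub(r"[^a-z0-9]", "", host)  # chat-gpt-pc.online -> chatgptpconline
    if any(t in squashed for t in BRAND_TOKENS) and not any(under(host, d) for d in OFFICIAL):
        return "lookalike"
    return "ok"

# Constructed sample proxy-log URLs; the .example and example.org hosts are made up.
SAMPLE = ["hxxps://rebrand.ly/2jehspschatgpt", "https://chat-gpt-pc.online/download",
          "https://chat.openai.com/", "https://open-ai-desktop.example/setup",
          "https://example.org/blog/chatgpt-tips"]

if __name__ == "__main__":
    for line in SAMPLE:
        print(f"{classify(line):9} {line}")
```

The brand check looks only at the hostname, so a shortened link to an unlisted destination passes as `ok`; resolve shortener redirects before classifying.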