Cybersecurity firm Kaspersky has warned against a malicious campaign targeting the popular ChatGPT. In its blog post, the company has claimed that fraudsters are stealing users’ social media details through suspicious links asking them to download the chatbot’s desktop version.
According to Kaspersky, the hackers create groups on social media platforms which mimic the communities of OpenAi accounts. The malicious posts contain a link asking users to download the ChatGPT desktop client.
Besides this, the scamsters also post fake login credentials of pre-created accounts claiming to give access to the chatbot. To lure the potential users, the attackers claim that each account has $50 on it balance which can be used to buy subscription.
ALSO READ: ChatGPT sparks Artificial Intelligence ‘gold rush’ in Silicon Valley
Kaspersky says that on clicking the link, a carefully made site designed to convince users to download ChatGPT desktop client opens. It is not the official site but looks like the original one.
After clicking the download button, the user unknowingly downloads an archive with an executable file. The user will either see a message saying ‘installation failed’ or some reason, or no message at all. But this is not the end of story.
A Trojan is installed on the user’s computer from where it steals login credentials stored in Chrome, Edge, Firefox and other browsers. Kaspersky has dubbed this Trojan as Trojan-PSW.Win64.Fobo.
According to the blog, the Trojan is interested in stealing login details of social media accounts on TikTok, Facebook etc. The virus steal,s usernames and passwords, and on finding a business account in one of the services, tries to get additional information such as how much money was spent on advertising from the account and what is the current balance.
In case you are unaware, there is no official desktop, mobile or any other version of ChatGPT, but only the web version.