New malware steals social media credentials under guise of ChatGPT app

Kaspersky researchers have identified a new and ongoing malware campaign that capitalises on the increasing popularity of the ChatGPT AI chatbot. Cybercriminals are distributing the malware via Facebook communities, offering a fake desktop version of ChatGPT. Instead of the bot, users receive a Trojan dubbed Fobo, that steals sensitive information, such as Facebook, TikTok, and Google account credentials, as well as personal and corporate financial data. 

Kaspersky researchers recently identified an ongoing malicious campaign that targets users of ChatGPT, an AI chat-bot which has garnered attention from IT enthusiasts, creatives, and other individuals for several months. Scammers create groups on social networks that convincingly mimic official OpenAI accounts or at least appear to be communities of ChatGPT enthusiasts.

These fraudulent groups host seemingly official posts with the news about the service and promote a program posing as a desktop client for ChatGPT.

A social media post offering to get a trial account of ChatGPT

Once the users click on the link from the post, they are directed to a well-crafted website that looks almost identical to the official ChatGPT website. The site prompts the user to download a purported ChatGPT version for Windows which is in fact an archive with an executable file. The installation process begins but stops abruptly with an error message stating that the program could not be installed. Users may think the program simply was not able to install and forget about it.

Fake ChatGPT webpage offering to download the desktop version

In fact, the installation of the program proceeds without users’ knowledge and a new stealer Trojan, Trojan-PSW.Win64.Fobo, is installed on the user’s computer. This Trojan is designed to steal information about saved accounts from various browsers, including Chrome, Edge, Firefox and Brave, among others. The attackers behind the Trojan are particularly interested in stealing cookies and login credentials from Facebook, TikTok, and Google accounts, especially those related to businesses. The Trojan steals login credentials and attempts to obtain additional information, like the amount of money spent on advertising and the current balance of business accounts. The attackers are targeting the global market. The fraudulent “desktop client” for ChatGPT has attacked users in Africa, Asia, Europe, and America. 

“This campaign targeting ChatGPT is a prime example of how attackers are leveraging social engineering techniques to exploit the trust that users place on popular brands and services. It is important for users to understand that, just because a service appears to be legitimate, it doesn’t mean that it is. By staying informed and remaining cautious, users can protect themselves from these types of attacks,” comments Darya Ivanova, security expert at Kaspersky.

To stay protected and explore new technologies in a safe way, Kaspersky experts also recommend:

  • Be cautious when downloading software from the Internet, especially if it’s from a third-party website. Always try to download software from the official website of the company or service that you are using.
  • Verify that the website you are downloading software from is legitimate. Look for the padlock icon in the address bar and make sure that the website’s URL starts with https:// to ensure that the website is secure.
  • Use strong, unique passwords for each of your accounts and enable two-factor authentication whenever possible. This can help protect your accounts from being compromised by attackers.
  • Be wary of suspicious links or emails from unknown sources. Scammers often use social engineering techniques to trick users into clicking on links or downloading malicious software.
  • Use a reliable security solution and keep it up-to-date. Kaspersky Premium is updated with the latest intelligence and can help detect and remove any malware that may be on your computer.


Be the first to comment

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.