Beware: Fake Apps posing as Open AI’s ChatGPT App

Beware!  Behind the face of advancing technology lies a dark underbelly – that of evolving cyber crime. Here, perpetrators continually adapt their strategies, exploiting current events, government websites, and even trusted organizations’ legitimate applications to deceive users. This sophisticated approach involves the use of trusted names and logos to entice individuals into downloading fake apps with malicious intent. As cyber criminals become more adept at social engineering, it becomes imperative for individuals and businesses to remain vigilant against evolving threats. The continuous search for new avenues to target victims and gather sensitive information highlights the importance of proactive protection.

To ensure digital safety and security, Seqrite Labs actively monitors cybersecurity news and forums, staying abreast of the latest trends and threats. This proactive stance is essential for safeguarding our users against the dynamic landscape of cyber threats. In this blog, we will be delving into the anatomy of fake apps, their malicious distribution, and how vigilant brands can defend themselves against the damaging impact of these deceptive digital doppelgängers.

Fake Apps: The Persistent Surge and How they Work

The trend of fake apps is one offshoot of evolving technology, and shows no signs of receding even when Google had taken steps to purge 36 counterfeit Android security apps from the Google Play Store in 2018. These impostors, whether on Android or iOS, replicate the appearance and functionality of legitimate applications. Their insidious purpose? To deceive unsuspecting users into unknowingly welcoming them into their devices. Once they succeed with infiltration, these deceptive applications are capable of serious malicious actions, from aggressive ad displays for revenue, to illegal gathering and distribution of user’s credentials and sensitive data.

Rise of ChatGPT and its Unwanted Exploitation

ChatGPT is one of the most rapidly expanding consumer internet apps in history, and has become a force to be reckoned with, captivating a weekly audience of 100 million users as per The Verge. Ever since its unveiling a year ago, ChatGPT has become a game-changer in the AI landscape, enhancing content quality, providing virtual tutoring for education and training, and ensuring swift response times for users. Its 24/7 availability, multilingual support, and personalized interactions contribute to a seamless experience.

With scalability, natural language understanding, and a focus on digital accessibility, ChatGPT is not just a tool; it’s a catalyst for innovation, revolutionizing how we engage with information and assistance.  Unfortunately, the simplicity and user-friendly interface of ChatGPT, available around the clock, are exploited by threat actors who distribute Android malware disguised as fake ChatGPT applications with harmful spyware capabilities. Researchers at Quick Heal have identified such deceptive applications, emphasizing the need for heightened awareness and protective measures against these insidious tactics.

Upon analysis, the Fake ChatGPT app requires some risky permissions, as shown in Fig 01:

Fig 01. Complex permissions sought by the malware application

Fake ChatGPT App : How it Works

Fig 02. Fake App in the name of ChatGPT

When clicking on the application icon to launch, users are redirected to the accessibility page where they are prompted to provide accessibility permission to the fake application.

Fig 03. Grant of Accessibility permission

Upon providing accessibility permissions, the application hides its icon and runs it in the background.

Fig 04. Icon Hiding the Code

Fig 05. Application is not available in appdrawer

This app collects location-related data.

Fig 06. Collecting location related information

Additionally, it monitors incoming calls to device.

Fig 07. Monitors incoming calls

MITRE ATT&CK techniques:

Quick Heal Detection

Quick Heal can detect such malicious applications with variants of “Android.SpyNote.GEN.”

It is recommended that all mobile users should install a trusted Anti-Virus like “Quick Heal Mobile Security for Android” to mitigate such threats and stay protected. Our antivirus software restricts users from downloading malicious applications on their mobile devices. Download your Android protection here

CONCLUSION:

As depicted above, malicious actors lure users by employing icons resembling those of legitimate applications. These SpyNote applications can cause significant harm to the infected devices. Users should be aware of such ongoing cyber scams when downloading and installing applications from untrusted sources.

TIPS TO STAY SAFE:

• Download applications only from trusted sources like Google Play Store.
• Do not click on any links received through messages or any other social media platforms as they may be intentionally or inadvertently pointing to malicious sites.
• Read the pop-up messages you get from the Android system before accepting or/allowing any new permissions.
• Be extremely cautious about what applications you download on your phone, as malware authors can easily spoof the original applications’ names, icons, and developer details.
• For enhanced protection of your phone, always use a good antivirus like Quick Heal Mobile Security for Android.

Akshay Singla