Between March 3rd – 9th at least 2,000 people a day downloaded the malicious "Quick Access to ChatGPT from the Google Play app store. The extension promised users a quick way to interact with the hugely popular AI chatbot. IN reality it was harvesting a wide range of information from the browser, stealing cookies of all authorised sessions and installing a backdoor that gave the malware super-admin permissions to the users Facebook account. This is not a novel attack there have been countless numbers of actors capitalising on ChatGPT's popularity. One example was to set up a fake ChatGPT landing page where users were tricked into "signing up" only to end up downloading a trojan called Fobo. As well as a proliferation of fake ChatGPT apps to spread windows and android malware.
Read the full article here.
