Fake ChatGPT apps have invaded the AppStore and Play Store
The rapidly growing popularity of OpenAI's advanced chatbot, ChatGPT, has inadvertently paved the way for a surge in deceptive "fleeceware" apps. These fraudulent applications have recently surfaced on Google Play and Apple's App Store, masquerading as providers of OpenAI's ChatGPT service through enticing free trial offers. Security experts from Sophos have raised concerns over the proliferation of these scam apps and the unsuspecting users who fall victim to their sneaky in-app subscriptions.
In the ever-evolving landscape of online scams, it comes as no surprise that scammers are capitalizing on major trends and emerging technologies. Large language models and generative AI, such as OpenAI's ChatGPT, have become the latest targets for cybercriminals. Exploiting the curiosity surrounding this cutting-edge technology, deceptive apps have emerged, claiming to provide access to ChatGPT's capabilities through seemingly alluring free trial offerings.
These apps have found their way into the popular app stores, Google Play and the App Store, attracting unsuspecting users who desire a taste of this groundbreaking AI-driven chatbot.
Tactics exploited by scammers
Sophos, a leading security firm, has shed light on the deceptive tactics employed by these scam apps. By strategically placing ads on social media platforms, scammers aim to target users who may be less discerning or unfamiliar with the technology. Misspelling the app's name, such as "Chat GBT," helps filter out users who might be more knowledgeable and avoid falling into the trap.
The intention is to ensnare individuals who are less likely to unsubscribe after a disappointing free trial experience, ultimately falling victim to the app's deceptive subscription fees.
These fraudulent apps, commonly known as fleeceware, present a challenge for app store operators like Apple and Google. Unlike more explicit forms of malware, fleeceware apps do not exhibit overtly malicious behavior, making them harder to detect and remove. Scammers often submit their apps for review, conveniently omitting critical details about subscription pricing and payment timelines.
This allows them to modify the terms later without altering the app's core functionality. The reliance on user subscriptions provides scammers with a steady stream of revenue, of which Apple and Google also receive a percentage.
Fleeceware in action
One such example is the Android app "Open Chat GBT". Although initially free to download, users quickly encounter an onslaught of advertisements and are restricted to using the chatbot functionality only three times. Subsequently, they are prompted to subscribe. The default option is a three-day free trial, which automatically transitions into a $10 monthly subscription. An annual subscription option, priced at $30, is also offered. Similarly, the researchers identified a comparable app on the App Store for iOS.
While Sophos researchers have successfully flagged some of the fake AI chatbot apps to Apple and Google, resulting in their removal, others remain available on these platforms. The response from both companies remains undisclosed, leaving users vulnerable to potential scams.
It is suspected that these fraudulent apps employ OpenAI's ChatGPT 3 application programming interface (API) to generate content. However, some apps may rely on lower-quality chatbot functionalities. Rather than restricting the number of queries, certain apps truncate responses, offering only snippets of information until a subscription is activated.
Subscription management challenges
One of the significant issues with fleeceware is the difficulty users face in managing their subscriptions effectively. Many users are unaware that deleting an app does not automatically cancel recurring payments. It is crucial for users to actively monitor and manage their app subscriptions to avoid falling victim to these deceptive practices.
The rise of fake ChatGPT apps in the App Store and Google Play underscores the need for increased vigilance when downloading and using new technologies. As scammers continue to exploit the popularity of advanced chatbots, it is essential for users to exercise caution, stay informed about subscription details, and actively manage their app subscriptions to protect themselves from falling prey to fleeceware.
App store operators must also enhance their oversight mechanisms to detect and remove such deceptive apps promptly.Advertisement
ChatGPT is fake (like NFT, Bitcoin, Metaverse..) so I don’t see any harm in faking a fake app.
Ironically, Apple touts how much secure its ecosystem is and allowing sideloading of apps would be a security menace. Apparently, the real menace lies in their “curated” App Store itself.
Same for play store which is worse in terms of fake apps populating the store. But atleast Google, for now, hasn’t doubled down on alternative app stores.