Amid the euphoria over generative AI solutions and their ability to produce content effortlessly, hackers have moved in to make a quick buck by fleecing prospective users.
They are coming out with phishing apps and websites that offer ChatGPT-like chatbots. The phishing apps mislead users with GPT-sounding names and trick them into buying subscriptions. Surprisingly, some of these apps have surfaced on Google Play and App Store, the app stores of Google and Apple, respectively.
“We have found out that there are multiple apps masquerading as legitimate ChatGPT-based chatbots to overcharge users and bring in thousands of dollars a month,” cybersecurity firm Sophos said in its latest report, ‘FleeceGPT — Mobile Apps Target AI-Curious to Rake in Cash’.
While OpenAI offers the basic functionality of ChatGPT for free online, the spurious apps were charging anything from $10 a month to $70 a year for the same. The iOS version of one of these fleeceware apps charges $6 a week — or $312 a year — after the three-day free trial.
“It netted the developers $10,000 in March alone. Another fleeceware-like app, found to be asking for a $7 weekly or $70 annual subscription, brought in $1 million over the past month,” the report said.
“Scammers have, and always will use the latest trends or technology to line their pockets. ChatGPT is no exception. With interest in AI and chatbots arguably at an all-time high, users are turning to the Apple app and Google Play stores to download anything that resembles ChatGPT,” Sean Gallagher, principal threat researcher, Sophos, said.
These types of scam apps often bombard users with ads until they sign up for a subscription. They're banking on the fact that users won't pay attention to the cost or will simply forget that they have the subscription.
“They’re specifically designed so that they may not get much use after the free trial ends, so users delete the app without realising they’re still on the hook for a monthly or weekly payment,” Gallagher said.
Sophos said it investigated five of these ChatGPT fleeceware apps, all of which claimed to be based on ChatGPT’s algorithm. In some cases, the developers played off the ChatGPT name to improve their app’s ranking in the Google Play or App Store.
Key attributes
The key characteristics of these fleeceware apps, first discovered by Sophos in 2019, are overcharging users for functionality that is already free elsewhere, as well as using social engineering and coercive tactics to convince users to sign up for a recurring subscription payment.
While Google and Apple have implemented new guidelines to curb fleeceware, developers are finding ways around these policies, such as severely limiting app usage and functionality unless users pay up.
Read the fine print
“Users need to be aware that these apps exist and always be sure to read the fine print whenever hitting ‘subscribe.’ Users can also report apps to Apple and Google if they think the developers are using unethical means to profit,” Gallagher said.
Users who have already downloaded these apps should follow the App Store's or Google Play's guidelines on how to 'unsubscribe'. Simply deleting the fleeceware app will not void the subscription, he cautioned.