Kaspersky researchers have discovered a new and continuing malware campaign that is taking advantage of the growing popularity of the ChatGPT AI chatbot.
Cybercriminals are spreading the malware through Facebook networks, posing as a desktop version of ChatGPT. Instead of the bot, users are infected with the Fobo Trojan, which steals sensitive data such as Facebook, TikTok, and Google account credentials, as well as personal and corporate financial information.
Kaspersky researchers recently discovered an ongoing malicious campaign targeting users of ChatGPT, an AI chat-bot that has piqued the interest of IT enthusiasts, creatives, and others for several months.
Fraudsters construct social media groups that convincingly resemble official OpenAI accounts or appear to be communities of ChatGPT fans.
These phony groups host supposedly official posts about the service and push an application posing as a ChatGPT desktop client.
Those who click on the link in the post are taken to a well-designed website that looks virtually identical to the legitimate ChatGPT website.
The website directs users to download a reported ChatGPT version for Windows, which is actually an archive containing an executable file.
The installation begins but abruptly ends with an error message claiming that the program could not be installed. Users may believe that the program was simply unable to install and dismiss it.
In actuality, the software is installed without the user’s awareness, and a new stealer Trojan, Trojan-PSW.Win64.Fobo, is placed on the user’s PC.
This Trojan is meant to steal information about stored accounts from browsers such as Chrome, Edge, Firefox, and Brave. The Trojan’s authors are particularly interested in obtaining cookies and login credentials from Facebook, TikTok, and Google accounts, particularly those associated with businesses.
The Trojan steals login credentials and attempts to gather other information such as advertising budgets and business account balances.