Wednesday, July 12, 2023

Android Malware Disguised as ChatGPT Apps Targeting Smartphone Users : Palo Alto Networks Unit 42 Research

Palo Alto Networks ANDRIOD MALWARE

MANILA, PHILIPPINES—Palo Alto Networks, the global cybersecurity leader, has recently found a surge in Android malware that is pretending to be the popular AI Chatbot ChatGPT. The malware emerged following the release of OpenAI's GPT-3.5 and GPT-4, targeting users interested in using the ChatGPT tool.

A Meterpreter Trojan disguised as a "SuperGPT" app and a "ChatGPT" app are found to send premium-rate text messages, resulting in charges for the victims that are pocketed by threat actors. Considering that Android users can download applications from various sources other than the official Google Play store, there is potential for users to obtain applications that have not been vetted by Google.


Key findings include:


  • Impersonation of ChatGPT: A new android malware has emerged, disguising itself as ChatGPT. This surge coincided with the release of OpenAI's GPT-3.5 and GPT-4, targeting users interested in ChatGPT.

  • Meterpreter Trojan: The malware includes a Meterpreter Trojan disguised as a "SuperGPT" app. It enables remote access to infected Android devices upon successful exploitation.

  • Certificate Attribution: The digital code-signing certificate used in the malware samples is associated with an attacker identified as "Hax4Us." The certificate has been used across multiple malware samples.

  • SMS to Premium-Rate Numbers: A cluster of malware samples, masquerading as ChatGPT-themed apps, sends SMS messages to premium-rate numbers in Thailand. These numbers incur charges for the victims, facilitating scams and fraudulent activities.


About Palo Alto Networks

Palo Alto Networks is the world’s cybersecurity leader. We innovate to outpace cyberthreats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we’re committed to helping ensure each day is safer than the one before. It’s what makes us the cybersecurity partner of choice.

At Palo Alto Networks, we’re committed to bringing together the very best people in service of our mission, so we’re also proud to be the cybersecurity workplace of choice, recognized among Newsweek’s Most Loved Workplaces (2021 and 2022), Comparably Best Companies for Diversity (2021), and HRC Best Places for LGBTQ Equality (2022). For more information, visit

No comments:

Post a Comment