Smartphone DarkNews

Palo Alto Networks: Malware posing as AI tool targets Android devices

The hype of ChatGPT provided an opportunity for threat actors to take advantage of exploits and spread malware. This is one of the findings of cybersecurity solutions company Palo Alto Networks’ recent research.

Palo Alto Networks’ Unit 42 Research found that there is an increase in malware disguised as AI Chatbot ChatGPT targeting Android devices.

“The malware emerged following the release of OpenAI’s GPT-3.5 and GPT-4, targeting users interested in using the ChatGPT tool,” the report said.

Palo Alto Networks: Cybercriminals spread malware via PDF files
Palo Alto Networks advises public to be wary of juice jacking

A Meterpreter Trojan disguised as a “SuperGPT” app and a “ChatGPT” app is found to send premium-rate text messages, resulting in charges for the victims that are pocketed by threat actors. Considering that Android users can download applications from various sources other than the official Google Play store, there is potential for users to obtain applications that have not been vetted by Google.

“The emergence of ChatGPT-themed APK malware poses a severe threat to the security and privacy of mobile devices,” the cybersecurity company said in its report. “These types of malware can potentially steal sensitive information, spy on user activities, and cause significant financial losses for unsuspecting victims.”

Digital code-signing certificate

The Palo Alto Networks research found that the Meterpreter Trojan enables remote access to infected Android devices upon successful exploitation. The digital code-signing certificate used in the malware samples is associated with an attacker identified as “Hax4Us.” The certificate has been used across multiple malware samples.

A cluster of malware samples, masquerading as ChatGPT-themed apps, sends SMS messages to premium-rate numbers in Thailand. These numbers incur charges for the victims, facilitating scams and fraudulent activities.

Palo Alto Networks found a malicious Android Package Kit (APK) sample, which is based on a legitimate application of the latest version of ChatGPT. They also bear the OpenAI logo as the application icon. This further deceives the clueless users who then fall victim. 

The company advises mobile users to protect their devices using various security solutions and to be more discerning with the applications they intend to download. 

“Overall, the threat of mobile malware highlights the critical importance of mobile device security,” Palo Alto Networks said. “By remaining vigilant and taking proactive steps to safeguard our devices, we can help prevent the spread of this dangerous malware and protect ourselves from potential harm.”

3 replies »