Scammers are riding the hype over ChatGPT, a chatbot capable of creating human-like conversations using natural language processing (NLP). Sophos, a company that provides cybersecurity-as-a-service (CaaS), has discovered several fake apps that overcharge users.
According to Sophos, the scam apps, or fleeceware, are available in the Apple App Store and Google Play as free versions with near-zero functionality and constant ads. Scammers force users to sign up for subscriptions that could cost hundreds of dollars a year.
“Scammers are banking on the fact that users won’t pay attention to the cost or simply forget that they have this subscription,” Sean Gallagher, principal threat researcher, Sophos, said in a media release. “They are specifically designed so that they may not get much use after the free trial ends, so users delete the app without realizing they’re still on the hook for a monthly or weekly payment.”
One of the major red flags of fleeceware apps, which Sophos first discovered in 2019, is that they overcharge users for services or functionality that are already free elsewhere. Scammers resort to social engineering and force users to sign up for a recurring subscription payment.
Red flags to watch out for
Users should also watch out for poorly written ads that offer free trials. These may mean that users cannot use the app unless they pay for a subscription or that, even if they do pay, the app provides barely any functionality.
“They also inflate their ratings in the app stores through fake reviews and persistent requests of users to rate the app before it’s even been used or the free trial ends,” Sophos said.
In total, Sophos X-Ops investigated five of these ChatGPT fleeceware apps, all of which claimed to be based on ChatGPT’s algorithm. In some cases, as with the app “Chat GBT,” the developers played off the ChatGPT name to improve their app’s ranking in the Google Play or App Store.
Trust your eyes when you see Chat “GBT”
While OpenAI offers the basic functionality of ChatGPT to users for free online, these apps were charging anything from $10 a month to $70 a year. The iOS version of “Chat GBT,” called Ask AI Assistant, charges $6 a week, or $312 a year, after the three-day free trial; it netted the developers $10,000 in March alone. Another fleeceware-like app, called Genie, which encourages users to sign up for a $7 weekly or $70 annual subscription, brought in $1 million over the past month.
Fleeceware apps are specifically designed to stay on the edge of what Google and Apple allow in their terms of service, and they don’t flout the security or privacy rules, so the stores hardly ever reject them during review.
“While Google and Apple have implemented new guidelines to curb fleeceware since we reported on such apps in 2019, developers are finding ways around these policies, such as severely limiting app usage and functionality unless users pay up,” Gallagher said.