The ChatGPT-powered cyber threats you should absolutely know about

tech.hindustantimes.com:

The ChatGPT craze is sweeping the mainstream, with celebrities and even politicians using the technology in their daily lives. However, among the everyday folks taking advantage of cutting-edge generative artificial intelligence (AI) tools, there's a darker, more nefarious subset who are abusing the technology: hackers.

While hackers haven't made great strides in the relatively new genre of generative AI, keeping yourself aware of how they may be able to leverage the technology is advised. A new Android malware has emerged that presents itself as ChatGPT according to a blog post from American cybersecurity giant Palo Alto Networks. The malware made its appearance just after OpenAI released its GPT-3.5 and GPT-4 in March 2022, targeting users interested in using the ChatGPT tool.

According to the blog, the malware includes a Meterpreter Trojan masked as a "SuperGPT" app. After successfully being exploited, it allows remote access to infected Android devices.

The digital code-signing certificate used in the malware samples is connected with an attacker that calls itself "Hax4Us". The certificate has already been used across several malware samples. A cluster of malware samples, disguised as ChatGPT-themed apps, sends SMS messages to premium-rate numbers in Thailand, which then incur charges for the victims.

The risk for Android users stems from the fact that the official Google Play store isn't the only place where they can download applications, so that unvetted applications find their way into Android phones.

The rise of advanced technologies such as OpenAI's GPT-3.5 and GPT-4 has inadvertently facilitated the creation of new AI-powered threats. The 2023 ThreatLabz Phishing Report by Zscaler, Inc. emphasizes that these