Fake ChatGPT desktop client spreads a Trojan horse

On February 22, 2023, Kaspersky warned about a fake ChatGPT Windows desktop client offered for download. Cybercriminals are leveraging the popularity of the OpenAI chatbot to spread a Trojan horse.

Indeed, as a victim of its success, the ChatGPT site is sometimes not usable, facing the influx of requests. OpenAI has even launched a subscription with priority access and faster text generation for $20 per month. More generally, the site requires an account to be used.

Cybercriminals are therefore playing on this need to have more efficient ways to access the chatbot. They have created accounts on social media that mimic those of communities of ChatGPT enthusiasts. They regularly post messages with information about the chatbot.

But these posts also contain a link to download a so-called Windows desktop client of ChatGPT, to access it without having an account. Such a tool does not exist, by the way, as ChatGPT is only available on the official OpenAI website. To further attract users, the messages promise a free $50 credit for the chatbot’s premium features.

The URL of the link to the alleged Windows desktop client is plausible. It leads to a site that looks very similar to the OpenAI site, where you can download an archive containing an executable file. This is actually a Trojan horse, named « Trojan-PSW.Win64.Fobo » by Kaspersky.

The malware was designed to siphon off credentials stored in browsers including Chrome, Edge, Firefox, Brave, and CôcCôc (popular in Vietnam). It specifically targets cookies and Facebook, TikTok, and Google accounts, including business accounts.

According to Kaspersky, the attackers are targeting the international market. Security researchers have already spotted occurrences of the « ChatGPT desktop client » scam in Asia, Africa, Europe, and America.