Any major trend or world event, from the coronavirus pandemic to the cryptocurrency craze, will quickly serve as a launch pad for digital phishing attacks and other online scams. In recent months it has become clear that the same applies to large language models and generative AI. Today, researchers at security firm Sophos warn that the latest incarnation of this is appearing on Google Play and Apple’s App Store, where rogue apps pretend to offer access to OpenAI’s chatbot service ChatGPT through free trials that eventually start charging subscription fees.
There are paid versions of OpenAI’s GPT and ChatGPT for regular users and developers, but anyone can try the AI chatbot for free on the company’s website. The scam apps take advantage of people who have heard about this new technology, and perhaps about the rush of people eager to use it, but don’t have enough additional context to know how to try it out for themselves. Researchers first learned about the scam apps after seeing advertisements for them on messaging apps and social media. However, users can also come across them when searching Google Play and the App Store.
“I’ve seen several ads for these types of apps on social media platforms where it’s cheap to advertise and sometimes they use tactics like typos in the name – the app is called ‘Chat GBT’ or others – to weed out people who might be a little smarter,” says Sean Gallagher, senior threat researcher at Sophos. “They try to weed out people who would use the free trial and then cancel it because it sucks. They want people who aren’t focused enough to know how to unsubscribe.”
Such scams are called fleeceware. These apps, which force their victims to pay a regular weekly or monthly fee, are difficult to eradicate because they typically don’t exhibit the technically invasive and malicious behavior that would get more overt malware removed from the app stores. When scammers submit their apps to Apple and Google for review, the researchers say, they may not provide full details on subscription pricing and on when users must pay to continue getting features. Later, they can revise those terms without changing anything in the app itself.
Google and Apple provide mechanisms for developers to offer in-app purchases, both one-time and recurring fees. And these companies get a cut every time apps collect payments from users in their app stores.
In the case of the Android app Open Chat GBT, users were able to download the app for free but were quickly faced with a large number of ads and were only able to try the chatbot three times before losing access to its functionality and being prompted to subscribe. By default, users could sign up for a three-day free trial to continue using the app. This would then become a $10 monthly subscription. Open Chat GBT also offered a $30 annual subscription. The researchers found a very similar app with a different name from the same developer for iOS on the App Store.